Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Malwarebytes - Fund

Malwarebytes - Fund


Log-Analyse und Auswertung: Malwarebytes - Fund

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 31.05.2012, 15:58   #1
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Nachdem Avira mehrmals aufgehängt und der Defender sich ständig ausgeschaltet hat, hab ich Malwarebytes laufen lassen und folgendes kam dabei raus:

Zitat:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.28.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HOPSI :: CHRISTKIND-PC [Administrator]

29.05.2012 00:48:49
mbam-log-2012-05-29 (00-48-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 586621
Laufzeit: 5 Stunde(n), 41 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{339A0DFF-D9AF-439B-92BC-636220FB3DAE} (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{339A0DFF-D9AF-439B-92BC-636220FB3DAE} (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Was zum Teufel ist das und was mach ich jetzt?
Die Probleme mit meinem Laptop häufen sich mittlerweile, Windows-Mail merkt sich kein Passwort, PDF-Dateien sind nicht mehr lesbar, der angebliche Standardsuchanbieter auf IE wurde beschädigt, obwohl das eigentlich Google ist und tadellos funktioniert. Der Scanner meint, ein Softwareproblem zu orten, obwohl bei der Diagnose alles einwandfrei läuft. Sehr mysteriös für mich.

Ich flehe um Hilfe, bin panisch.

Alt 31.05.2012, 22:03   #2
kira
/// Helfer-Team
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira
__________________

__________________
Alt 31.05.2012, 22:41   #3
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Oh, so schnell hab ich gar nicht mit einer Antwort gerechnet, dafür hab ich schon vorgearbeitet:

OTL:
Zitat:
TL logfile created on: 31.05.2012 16:35:21 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\HOPSI\Müll
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 56,59% Memory free
3,99 Gb Paging File | 2,68 Gb Available in Paging File | 67,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,74 Gb Total Space | 164,43 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,75 Gb Free Space | 9,88% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,77% Space Free | Partition Type: NTFS

Computer Name: CHRISTKIND-PC | User Name: HOPSI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.31 16:32:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOPSI\Müll\OTL.exe
PRC - [2012.05.30 23:04:24 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:48:48 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.17 18:50:34 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\swriter.exe
PRC - [2009.10.23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007.02.07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007.02.06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.30 23:28:44 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.05.30 23:28:44 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2007.02.02 18:01:32 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.05.30 23:04:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.10.23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess)
SRV - [2007.02.07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.02.06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.06.22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 02:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.19 07:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.04.10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.02.02 18:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:12 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8b0d31e7-0331-43cc-87cd-a472317f1305}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYat_ZKxdm604YYat&ptb=BF440357-C679-4203-BB69-37091495D1D2&psa=&ind=2011010713&ptnrS=ZNzfb010YYat_ZKxdm604YYat&si=&st=sb&n=77dd9699&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_de AT484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Users\HOPSI\Downloads\Diverses\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 13:19:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 13:19:25 | 000,000,000 | ---D | M]

[2009.12.25 00:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Extensions
[2009.11.20 15:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.01.03 02:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions
[2011.05.22 14:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.04.05 01:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.14 16:44:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.25 22:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.04.05 01:49:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com
[2010.06.30 22:46:44 | 000,002,333 | ---- | M] () -- C:\Users\HOPSI\AppData\Roaming\Mozilla\Firefox\Profiles\dvboq4hq.default\searchplugins\askcom.xml
[2010.01.13 19:16:11 | 000,000,881 | ---- | M] () -- C:\Users\HOPSI\AppData\Roaming\Mozilla\Firefox\Profiles\dvboq4hq.default\searchplugins\conduit.xml
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.01 14:11:36 | 000,342,516 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011.05.24 14:29:48 | 000,207,859 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011.04.05 01:50:14 | 000,348,376 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
[2011.06.01 14:11:36 | 000,059,667 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2011.04.05 01:50:27 | 000,739,428 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011.05.24 14:29:48 | 000,594,137 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.22 14:08:21 | 000,300,553 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
File not found (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2009.06.24 01:47:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Google Mail = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKLM..\RunOnce: [] C:\Program Files\HP\Print Projects\Common01\Bin\HpqWLPG03.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\HOPSI\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HOPSI\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Legends%20-%20Sleepy%20Hollow/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABCB6CD-81B2-4172-B0F3-B3AB3CDB32A5}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABCB6CD-81B2-4172-B0F3-B3AB3CDB32A5}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{09e4315c-b7e9-11de-a613-d02839127291}\Shell - "" = AutoRun
O33 - MountPoints2\{09e4315c-b7e9-11de-a613-d02839127291}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.31 15:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
[2012.05.31 15:12:19 | 000,015,368 | ---- | C] (PDF Complete, Inc.) -- C:\Windows\System32\pdfc_port.dll
[2012.05.31 15:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Complete
[2012.05.31 15:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012.05.31 14:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2012.05.31 14:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.05.31 14:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.05.31 14:51:30 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\pdfforge
[2012.05.31 14:51:21 | 000,054,784 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.05.31 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.05.31 13:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.05.31 13:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.05.31 13:09:24 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.05.31 02:22:18 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Avira
[2012.05.31 02:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.31 02:20:19 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.31 02:20:19 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.31 02:20:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.31 02:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.31 02:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.31 00:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.31 00:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.31 00:00:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 23:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.30 23:57:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.30 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.30 23:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.30 23:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.30 23:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012.05.30 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.05.30 23:50:45 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\OpenCandy
[2012.05.30 23:49:50 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.30 23:49:50 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.30 23:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.30 23:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.05.30 23:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.05.30 23:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.30 23:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.30 23:28:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.05.30 23:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.05.30 23:11:47 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.30 23:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012.05.30 23:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.30 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.05.30 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.30 22:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.30 21:48:46 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.30 21:37:54 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\Müll
[2012.05.29 00:45:03 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Malwarebytes
[2012.05.29 00:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.27 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\CrashDumps
[2012.05.16 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\Deployment
[2012.05.16 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\Apps
[2012.05.16 08:16:34 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Hdha
[2012.05.08 18:47:01 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\Documents\Befunde & Gutachten
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.31 16:30:56 | 000,000,000 | ---- | M] () -- C:\Users\HOPSI\defogger_reenable
[2012.05.31 16:29:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 16:29:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 16:21:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.31 15:56:24 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.31 15:52:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006UA.job
[2012.05.31 14:59:31 | 000,000,988 | ---- | M] () -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.05.31 14:04:02 | 000,225,198 | ---- | M] () -- C:\Windows\hpoins43.dat
[2012.05.31 13:16:28 | 000,001,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.05.31 13:15:09 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.05.31 13:14:41 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2012.05.31 13:13:02 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2012.05.31 12:32:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.31 12:29:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 04:24:09 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.31 03:55:33 | 000,400,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.31 02:20:44 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.31 00:00:54 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 23:52:46 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.30 23:49:55 | 000,000,992 | ---- | M] () -- C:\Users\HOPSI\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.30 22:49:21 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 22:27:25 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.05.30 22:27:25 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.05.30 22:27:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.05.30 21:52:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006Core.job
[2012.05.09 12:49:35 | 000,639,026 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.09 12:49:35 | 000,604,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.09 12:49:35 | 000,130,946 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.09 12:49:35 | 000,108,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.04 23:25:44 | 000,005,146 | ---- | M] () -- C:\Users\HOPSI\Documents\fb.eml
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.31 16:30:56 | 000,000,000 | ---- | C] () -- C:\Users\HOPSI\defogger_reenable
[2012.05.31 14:59:31 | 000,000,988 | ---- | C] () -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.05.31 13:16:28 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.05.31 13:15:09 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.05.31 13:14:41 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2012.05.31 13:13:02 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2012.05.31 13:04:17 | 000,225,198 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012.05.31 02:20:44 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.31 00:00:54 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 23:52:46 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.30 23:49:55 | 000,000,992 | ---- | C] () -- C:\Users\HOPSI\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.30 23:45:21 | 000,000,840 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.05.30 23:04:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.30 23:02:08 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.30 22:49:21 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 22:27:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.05.30 21:47:13 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006UA.job
[2012.05.30 21:47:12 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006Core.job
[2011.04.03 14:11:54 | 000,220,948 | ---- | C] () -- C:\Windows\hpoins43.dat.temp

========== LOP Check ==========

[2011.06.12 10:17:18 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\1&1 Mail & Media GmbH
[2009.03.27 19:00:16 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\7Wonders
[2009.03.15 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Abra Academy
[2009.03.17 00:29:04 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Abra Academy2
[2009.10.03 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ACD Systems
[2009.11.26 00:19:07 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Aisle 5 Games, Inc
[2009.11.30 01:22:35 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Artogon
[2009.11.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Azuaz Games
[2010.07.05 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Big Fish Games
[2010.01.03 01:28:53 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\blg
[2009.03.01 23:28:10 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\BloodTies
[2009.04.09 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\cerasus.media
[2009.03.21 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Coyotes Tale
[2009.12.27 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Cuttermaran
[2009.12.13 23:38:54 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Dekovir
[2009.08.24 20:00:53 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Dragon Altar Games
[2009.11.17 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\DriverCure
[2012.05.30 23:50:44 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\DVDVideoSoft
[2012.05.30 23:50:10 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.12 01:27:46 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Elephant Games
[2012.02.13 09:18:08 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Enki Games
[2009.11.28 22:56:36 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ERS G-Studio
[2009.12.24 22:42:17 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\FlashGet
[2010.07.06 00:30:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Flood Light Games
[2009.03.15 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\FloodLightGames
[2010.07.05 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\FlyWheelGames
[2009.11.08 20:48:25 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Friday's games
[2012.02.08 04:44:34 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Frogwares
[2009.02.20 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gaijin Ent
[2009.11.26 00:13:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\GameInvest
[2010.07.16 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gamers Digital
[2009.10.27 00:18:37 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Games
[2009.11.07 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\GAMESHASTRA
[2009.03.22 17:40:35 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gogii Games
[2009.12.03 22:29:22 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gold Casual Games
[2011.02.09 19:23:36 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\gtk-2.0
[2012.05.16 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Hdha
[2008.09.11 02:19:05 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Hewlett Packard
[2009.10.10 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\HiT-MM
[2012.03.05 00:56:04 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\HitPoint Studios
[2008.09.11 02:44:25 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\InterVideo
[2009.11.29 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Island
[2010.01.16 17:43:28 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ITTNord
[2010.02.20 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\JewelMatch2
[2009.02.28 22:49:40 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Legends of pirates
[2010.01.13 18:19:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\LimeWire
[2009.11.08 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Little Games Company
[2010.07.08 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Lost in the City
[2010.07.05 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\MA
[2009.03.22 22:41:39 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Magic Academy
[2009.10.20 23:22:44 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Meridian93
[2010.02.10 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Merscom
[2009.03.28 00:22:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Mushroom Age
[2012.03.10 09:33:56 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\My Games
[2009.08.06 00:18:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Mysteryville2
[2012.05.30 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\OpenCandy
[2008.12.05 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\OpenOffice.org
[2009.10.15 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\panoramik
[2012.05.31 14:51:33 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\pdfforge
[2009.12.07 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Ph03nixNewMedia
[2012.02.22 01:43:37 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\PlayFirst
[2010.10.30 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\PoBros
[2009.11.10 00:41:27 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Princess Isabella
[2009.03.22 01:52:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\RobinsonCrusoeBFGDE
[2009.12.27 16:08:45 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SampleView
[2009.09.24 16:44:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Schmap
[2009.02.23 06:45:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SecretIslandDeuBF
[2009.11.05 01:52:16 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SerpentOfIsis
[2009.11.06 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\she_is_a_shadow
[2009.10.15 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Skunk Studios
[2009.02.24 00:55:06 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SpinTop
[2010.02.10 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SprillBermudeDeu
[2010.02.20 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SprillRichiGerman
[2009.05.03 16:37:12 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Sudden Games
[2009.11.11 20:03:00 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SultansLabyrinth
[2009.11.05 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SulusGames
[2009.08.05 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\TheScruffs
[2009.03.02 23:15:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\TMInc
[2009.12.06 14:23:29 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Total Eclipse
[2009.10.15 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Twintale Entertainment
[2012.05.31 02:09:56 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Uniblue
[2009.03.26 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\URSE Games
[2009.12.09 00:00:26 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\V-Games
[2009.10.17 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ValuSoft
[2009.10.08 23:12:23 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ViquaSoft
[2012.02.24 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Vogat Interactive
[2009.10.17 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\YoudaGames
[2008.09.11 02:27:19 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}
[2012.05.31 04:24:11 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:9E3E060F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:73AFBB96
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:AABCC5A7
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMPFC3B090
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0F2BA284
@Alternate Data Stream - 470 bytes -> C:\Users\HOPSI\Documents\fb.eml:OECustomProperty
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CAF8DAC8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8BFA0030
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:40EE25BB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:386B39C3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP390A6A7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C76CFF82
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C48A983C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A0921B2C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:79875988
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C7F08EA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CAC06C34
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:526B3022
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EE39C93C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMPC0B1070
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36B1175
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B64F7263
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5D10C56A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FC70A22A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A5241382
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:89CF6F9C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:609CAC7C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:123A86B5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:88A44CC1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:864881BF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5FA4CB99
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3651A580
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:65AB2A58
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55E1514E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2BFCDF84
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1C6CB897
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:14A1BBE3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:BF6A2C54
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B8EB1B99
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8924043A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1181620C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EAF954B6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EA10407C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E2CB42C9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:896E1EFF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7881FECE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6FD3C973
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:43E95997
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:19474103
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9A7BF72D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7A032A04
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:488F7244
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F8F070C2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EC855C73
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP46ECFD5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AFB24B00
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AED33A42
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:98982C88
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:51E1A4D8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:42A3BDD7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0DFE2AE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F3EFA8A8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A6D89509
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9EE6560D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:90865A6D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:71004506
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4FA837B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:405D842B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2E3F04BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FC8FFA4E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C7973317
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BB71BBA2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7E082023
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:74B9EA7F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3E200C29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1B7E2022
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMPE875C30
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP5E0200E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C8AC644A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:627153F1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4F7FE589
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPE47A3DA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP8D58038
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP2C57161
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B60D5127
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5CE91C67
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:1CDEDE11
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:072F1F69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0696EC8E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:008586AE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9B721CFF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:842B0AED
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:69AF9D20
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:61F0C8FB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMPD04902E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMPC21D414
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A2FF62A6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A0CB43B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:71112705
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3815BC84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0E636D62
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMPE6EED8B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9E9A3410
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:99B20AD0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:961B84C5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4E243396
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2871B698
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC2D0F32
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CA8D6B60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AAA06E15
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:93D985FC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:918B7566
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:17C48B08
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E7B49FBF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3B5F2D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP055FC10
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B1786630
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4A906D4A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1392F09D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E895790F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3CEEC4C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7547DA5B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63B38619
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3DB6F365
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:237E4B91
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5FFC2819
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3D6B89CE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:275AA066
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:054F0F17
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C30487EE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B2735F9E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3C282BEA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BE6B5FC3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B904C348
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8BA6C9F8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7CA7BED1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:55818279
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A60D0FA6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:94B46CA2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1B927722
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EF0C5444
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMPE9F4320
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:BF6C81B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:9A6EBBF2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7C412B92
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0D278FB5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:067F588D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5B6F7F60
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5197985B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:29F0CA7D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F42B5B0E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E411AA0D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CEF2A14E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4FE30352
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:39C7B7C6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMPF0BC727
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP507B5A8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:409A775B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP0668210
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BDCD8531
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:A3251D01
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9398DBB4
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4FE42FFC
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4573A78F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:80B291A7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:3E988A0F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:124B94C0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP92485C9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:BA05E0C4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:6E86D926
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP48500F8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C0A9D0E7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:B2CD146E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:7776B809
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:6444B424
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:55BB2521
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8E7F155B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:82529191
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B

< End of report >
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.05.2012 16:35:21 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\HOPSI\Müll
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 56,59% Memory free
3,99 Gb Paging File | 2,68 Gb Available in Paging File | 67,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,74 Gb Total Space | 164,43 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,75 Gb Free Space | 9,88% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTKIND-PC | User Name: HOPSI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\HOPSI\Downloads\Diverses\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\HOPSI\Downloads\Diverses\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34DA11C1-BD18-43F8-A35A-D6B49681F819}" = rport=139 | protocol=6 | dir=out | app=system | 
"{566BFDC2-46AD-452C-AC85-B0EC6204702E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B954BF8-270F-441A-81B1-0501EEBC6604}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B049E7AC-AF9E-4734-A9C4-3744A0194E3C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B074E03E-D552-4ED0-8A70-1689B0CC4C8F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{B8F97EAC-98B1-4BDD-9EBC-534C781DBF15}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C5969AE3-B109-40C1-A074-B9E1C20CE68F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C5BD03AD-343C-443A-8A28-91C3EC49F40E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CA22E9AC-2C29-4C55-93C7-AC5505324EB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D4B2E3FA-1A01-4BBF-A32B-73DC39862F7D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E2413390-1B71-4FD0-8A64-B45156760F39}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B634C-8375-417F-AB95-640321E410ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{0508E06E-9137-410F-8821-C4F048AFD936}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A4CD25B-AB04-485B-B840-B6E44EBD8D9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{164B13A2-D200-4F2D-9E0A-822208093595}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{1E89CBB2-716F-44AE-9188-2B275F93811B}" = protocol=6 | dir=in | app=c:\users\hopsi\appdata\local\temp\7zs1b2f\hpdiagnosticcoreui.exe | 
"{264B4626-A958-4A98-99CC-D00D469ED0D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{2AE147C5-75B1-4371-953C-8326CCE7DD82}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{3A20A9B4-5A83-4213-9108-9B700F4D0C08}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{4BD4061C-54B2-446F-B20E-60B7D075076A}" = dir=in | app=f:\setup\hpznui01.exe | 
"{62289510-7B45-4D74-987A-AB26CDFB4725}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{62BF7E73-32F3-42DD-BA6C-0D54C2444184}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6E48489E-C3CC-4CCC-B325-AEDCC8223CA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{7D45E3A7-F3DA-4F29-B33B-B454C85E66F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{99B555AD-B278-42BA-9376-2A898D62A929}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{A7EA1774-BEA4-4E99-8393-316F4C11786E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ADB08262-E113-408A-9445-1DD47503E7EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{B245C972-8D8E-4C4B-B2F8-1E3AE7FEA1B1}" = protocol=17 | dir=in | app=c:\users\hopsi\appdata\local\temp\7zs1b2f\hpdiagnosticcoreui.exe | 
"{C8D75FE8-4587-47FF-8335-384620F7C19C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{CCEB6426-D92F-471E-A454-2620C25A9F1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{D0645F4C-E97D-4884-86E6-7542BFC37E3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D8BB5931-FD09-416A-919C-272BDE3C3F2F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F9AE79D3-8917-4727-8B26-43394749DE22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"TCP Query User{0EFD96BD-BCC1-4038-8BA8-9392AD8A9799}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2C5AFD57-BA15-4182-BCC5-8B4A2C5475BD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{910CA72D-F84C-4E6D-996D-61E025518102}C:\users\hopsi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\hopsi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{C39CBA12-9D67-42AC-BEA7-28BAC98F8322}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{1ACD41DA-844A-4BA7-8F09-2FC1504CD08F}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{393AD420-D47D-4A4D-A4B0-F6F5123450B3}C:\users\hopsi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\hopsi\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{3D1C7612-4857-484E-ABD7-2A44F6C970B2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4A790FB5-A793-4A96-91E2-F77154A12902}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C03AE0-E898-5C22-AFD4-877466FFBD98}" = CCC Help English
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{07FB18CF-3F76-43AC-0F02-B2DC201D27F4}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09B17771-7F41-193C-4B8B-93B07653707C}" = Catalyst Control Center Localization Czech
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15ADCB87-FB9D-BE4B-89EB-A5439DADACEB}" = CCC Help Japanese
"{160FB2C2-37D9-C291-9B79-B660241AD747}" = Catalyst Control Center Localization Dutch
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19CA53A9-E256-6AF1-28FA-EE61A88886CA}" = Catalyst Control Center Localization Chinese Traditional
"{1A239B49-FDA5-8BCF-05E9-15C69A8591F7}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{228FAF8F-3380-6579-E37D-8AE663A543EE}" = CCC Help Russian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2692EC5B-A136-5340-C10C-4FA987FBA569}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{279F3807-2744-5B05-1CD5-612097502559}" = CCC Help Polish
"{27A94385-A7BD-17DA-3827-E54A3B203E7C}" = CCC Help Chinese Traditional
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2B5BC746-6594-F319-D806-BA97C1B3D8E9}" = Catalyst Control Center Localization Japanese
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2E2499C1-D876-D3A5-5329-23719AF4EEA5}" = CCC Help French
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3583F14B-42A8-C383-37B1-6186DD87BA46}" = Catalyst Control Center Localization Korean
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36262360-D6DF-EFAE-7AB2-5FE47F01BB8A}" = Catalyst Control Center Graphics Full Existing
"{36720FFD-D8DC-502D-5B59-97261633B847}" = Catalyst Control Center Graphics Full New
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3B1815F1-A388-CBA9-439E-8D97D0A9C6FB}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{4282CA13-4119-B9F9-A13D-F7E8C61978F9}" = CCC Help Turkish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541847E5-E8C5-075B-9F2B-2FF2A3C971C1}" = Catalyst Control Center Localization Hungarian
"{5B1E200F-327D-AA06-4990-8E1505DFC754}" = CCC Help Greek
"{5D7347E1-AE03-478B-3BE2-F1279693F745}" = ccc-utility
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E156316-7276-D0B6-D6CD-A356B897FAB3}" = CCC Help Hungarian
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6276CABC-7E19-4945-9A9C-3549D965E687}" = CCC Help Danish
"{6368D4AE-BFC1-4AAD-25AD-7EBA1CDEAFF0}" = CCC Help Thai
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{67D3B081-1389-D544-6889-3E3BA2691171}" = CCC Help Korean
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BA9955E-1F40-7E11-1488-228DAEFB0FD8}" = CCC Help Italian
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E8C9958-A445-06B7-9180-F1C546E90B6B}" = Catalyst Control Center Localization Chinese Standard
"{6EF125F8-F86B-C019-2A11-53D9C99AEE00}" = Catalyst Control Center Localization Danish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75918444-A9D8-86F4-3644-08917713894F}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3CDDCA-0913-D8CE-F4E1-E0F8D0200B87}" = CCC Help Norwegian
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{990BA001-D69F-9DB2-56CE-88E0399B30FB}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4AED81-8040-28D3-FCE3-E87DC2B948EC}" = Catalyst Control Center Localization German
"{A1A34147-C621-1D90-3C27-D90CF2E1ADFA}" = CCC Help Czech
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2F07A9-7EB5-4185-BAA9-A02F56F1396A}" = CCC Help Dutch
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B19B5C55-573E-14F3-0047-7029B5618529}" = Catalyst Control Center Graphics Light
"{B33E503B-8A82-E0EF-1ABE-06BF0489A6F9}" = CCC Help Swedish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A7937C-B0B5-1040-FC2E-EB05872EF72C}" = Catalyst Control Center Localization Turkish
"{B7F2B452-4461-88FF-EFD0-8E888D1A4C2D}" = CCC Help Spanish
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC281B89-4AF1-D881-ABB3-853444E7C1D5}" = Catalyst Control Center Localization Greek
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C41A421C-59F6-8393-014A-F655460AD5F5}" = CCC Help Finnish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6271F2D-3D0A-439B-BD78-584E017C636E}" = Vista Default Settings
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02B9787-3152-A4A0-43E9-AF5E62715D4E}" = Catalyst Control Center Localization Polish
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DB11E77A-8184-C8D3-55DF-73F937EE2F3D}" = Catalyst Control Center Localization Norwegian
"{DB58F76A-5B4F-DD75-7AD5-EDA4500BC7AC}" = ATI Catalyst Install Manager
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DDDBC1AF-504A-3E17-4A74-E8C69D2C0D0E}" = Catalyst Control Center Localization Finnish
"{DEDBEB69-C5E7-4904-A885-9227C8D982B0}" = HP MULTIPLE WLAN INSTALLER for VISTA
"{DFE967A8-9C30-413C-B2D5-C0D576949553}" = ESU for Microsoft Vista
"{E03D8FE4-70BF-26F8-DA3B-974E3A561308}" = CCC Help Chinese Standard
"{E25074CB-A222-3A2D-0542-CC5BAD57ED76}" = Catalyst Control Center Localization Russian
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC04A654-128B-5439-0198-E1178E1E6E76}" = Catalyst Control Center Core Implementation
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF6CEC13-B014-8BD5-5E56-78E68494A167}" = Catalyst Control Center Localization Italian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F4144B54-EA3B-72F5-D464-211A1D7BAB95}" = Catalyst Control Center Localization Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAFC99FB-4361-7B69-AF2B-87A60406B60C}" = Catalyst Control Center Localization French
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.6.80
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Free Studio_is1" = Free Studio version 5.5.0
"GIMP-2_is1" = GIMP 2.8.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP QuickLook_is1" = HP QuickLook
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF Complete" = PDF Complete Special Edition
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.05.2012 18:13:12 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
Error - 30.05.2012 18:13:18 | Computer Name = CHRISTKIND-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 30.05.2012 18:28:41 | Computer Name = CHRISTKIND-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 30.05.2012 19:18:14 | Computer Name = CHRISTKIND-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.05.2012 19:31:55 | Computer Name = CHRISTKIND-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 30.05.2012 19:35:28 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
Error - 30.05.2012 20:04:09 | Computer Name = CHRISTKIND-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.05.2012 20:35:06 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
Error - 30.05.2012 22:24:00 | Computer Name = CHRISTKIND-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.05.2012 07:08:40 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
[ Credential Manager Events ]
Error - 11.10.2009 08:27:21 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 13.10.2009 10:26:16 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 18.10.2009 13:09:41 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 11.11.2009 17:30:50 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 16.11.2009 16:55:39 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 20.11.2009 08:32:11 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 25.11.2009 16:58:01 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 28.11.2009 15:20:28 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 05.12.2009 17:18:04 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 27.12.2009 07:48:51 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 30.05.2012 21:56:58 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 31.05.2012 06:30:41 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.05.2012 06:30:41 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 31.05.2012 07:22:28 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.05.2012 07:22:28 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.05.2012 07:23:25 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.05.2012 07:37:42 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.05.2012 08:03:27 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.05.2012 08:08:54 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 31.05.2012 08:16:05 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
--- --- ---


CCLEANER:

Zitat:
7-Zip 9.20 30.05.2012 3,54MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 06.09.2008 13,5MB
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 29.05.2012 11.2.202.235
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 29.05.2012 121,1MB 10.1.3
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 29.05.2012 10,3MB 11.6.5.635
Agere Systems HDA Modem LSI Corporation 14.03.2009
Application Installer 4.00.B14 Hewlett-Packard Company 06.09.2008 0,89MB 4.00.B14
ATI Catalyst Install Manager ATI Technologies, Inc. 07.09.2008 13,8MB 3.0.608.0
ATI Uninstaller ATI Technologies, Inc. 06.09.2008 13,5MB
Avira Free Antivirus Avira 30.05.2012 183,9MB 12.0.0.1125
AVS Media Player 4.1.6.80 Online Media Technologies Ltd. 29.05.2012 7,32MB
AVS Update Manager 1.0 Online Media Technologies Ltd. 29.05.2012 11,9MB
AVS Video Converter 8 Online Media Technologies Ltd. 29.05.2012 36,9MB
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 29.05.2012 6,75MB
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 10.09.2008 1,64MB 4.102.15.56
CCleaner Piriform 22.05.2012 4,71MB 3.19
Credential Manager for HP ProtectTools Hewlett-Packard 29.06.2007 63,0MB 2.5.0.880.13
ESU for Microsoft Vista Hewlett-Packard 29.06.2007 3,78MB 1.0.10.1
Free Studio version 5.5.0 DVDVideoSoft Ltd. 29.05.2012 669MB 5.5.0
GIMP 2.8.0 The GIMP Team 29.05.2012 224MB 2.8.0
Google Chrome Google Inc. 29.05.2012 191,6MB 19.0.1084.52
Google Earth Google 29.05.2012 107,6MB 6.2.2.6613
HP BIOS Configuration for ProtectTools Hewlett-Packard 29.06.2007 2,56MB 3.00 C1
HP Customer Experience Enhancements Hewlett-Packard 29.06.2007 5.0.0.2258
HP Customer Participation Program 13.0 HP 30.05.2012 209MB 13.0
HP Doc Viewer Hewlett-Packard 10.09.2008 1,01MB 1.01.0005
HP Easy Setup - Core Hewlett-Packard 29.06.2007 1,02MB 5.0.0.2258
HP Easy Setup - Frontend Hewlett-Packard 29.06.2007 1,44MB 5.0.0.2258
HP Help and Support Hewlett-Packard 29.06.2007 20,9MB 1.0.0
HP Imaging Device Functions 13.0 HP 30.05.2012 3,36MB 13.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 HP 10.09.2008 40,8MB 6.0.1.4900
HP MULTIPLE MODEM INSTALLER for VISTA Hewlett Packard 10.09.2008 13,8MB 1.0.0.26
HP MULTIPLE WLAN INSTALLER for VISTA Hewlett Packard 10.09.2008 5,50MB 6.0.0.1
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 HP 30.05.2012 39,4MB 13.0
HP Print Projects 1.0 HP 30.05.2012 3,29MB 1.0
HP Product Detection Hewlett-Packard Company 19.03.2010 0,89MB 9.7.3
HP ProtectTools Security Manager Hewlett-Packard 29.06.2007 7,10MB 3.00 A10
HP Quick Launch Buttons Hewlett-Packard Company 29.10.2011 30,0MB 6.50.14.1
HP QuickLook Hewlett-Packard 10.09.2008 4,43MB
HP Smart Web Printing 4.5 HP 30.05.2012 26,4MB 4.5
HP Solution Center 13.0 HP 30.05.2012 3,45MB 13.0
HP Update Hewlett-Packard 18.04.2011 3,97MB 5.002.007.004
HP User Guides 0064 Ihr Firmenname 10.09.2008 452MB 1.03.0000
HP Wireless Assistant Hewlett-Packard 29.06.2007 3,94MB 3.00 F1
InterVideo DVD Check 06.09.2008 0,18MB
InterVideo WinDVD InterVideo Inc. 10.09.2008 46,1MB 5.0-B11.1164
Java(TM) 6 Update 18 Sun Microsystems, Inc. 08.04.2010 97,1MB 6.0.180
Java(TM) 7 Update 4 Oracle 29.05.2012 99,3MB 7.0.40
JavaFX 2.1.0 Oracle Corporation 29.05.2012 20,9MB 2.1.0
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 30.05.2012 11,7MB 1.61.0.1400
Microsoft .NET Framework 1.1 09.09.2008
Microsoft .NET Framework 1.1 German Language Pack Microsoft 29.06.2007 3,02MB 1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 10.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.02.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.06.2010 24,5MB 4.0.30319
Microsoft Silverlight Microsoft Corporation 15.05.2012 5.1.10411.0
Microsoft SQL Server Native Client Microsoft Corporation 08.02.2009 2,63MB 9.00.4035.00
Microsoft SQL Server VSS Writer Microsoft Corporation 08.02.2009 0,68MB 9.00.4035.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30.07.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 18.06.2009 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 08.04.2010 0,22MB 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.03.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.03.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.05.2012 10.0.40219
MSCU for Microsoft Vista Hewlett-Packard 29.06.2007 72,9MB 1.0.1.3
MSXML 4.0 SP2 (KB925672) Microsoft Corporation 07.09.2008 1,24MB 4.20.9839.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 09.09.2008 1,27MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 10.09.2008 1,27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Octoshape add-in for Adobe Flash Player 10.09.2011
OpenOffice.org 3.3 OpenOffice.org 29.05.2012 413MB 3.3.9567
PDF Complete Special Edition PDF Complete, Inc 30.05.2012 36,3MB 3.5.112
PDF-XChange Viewer Tracker Software Products Ltd. 30.05.2012 53,8MB 2.5.201.0
PDFCreator Frank Heindörfer, Philip Chinery 30.05.2012 35,6MB 1.3.2
Shop for HP Supplies HP 30.05.2012 182,1MB 13.0
Skype Click to Call Skype Technologies S.A. 29.05.2012 13,2MB 5.11.9874
Skype™ 5.9 Skype Technologies S.A. 29.05.2012 19,3MB 5.9.115
SoundMAX Analog Devices 10.09.2008 56,00KB 6.10.1.5180
ST Wiederherstellungs- & Sicherungsprogramme Hewlett-Packard Company 29.06.2007 7.365MB 4.0.14
Synaptics Pointing Device Driver Synaptics Incorporated 07.09.2010 12,8MB 15.0.24.0
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 08.02.2009 23,2MB 9.00.4035.00
Vista Default Settings Hewlett-Packard 29.06.2007 0,27MB 1.0.5.1
VLC media player 2.0.1 VideoLAN 29.05.2012 90,2MB 2.0.1
Passt das so? Ich hab mich mental schon auf eine Neuinstallation eingestellt und sogar schon den Großteil meiner Daten gesichert, weil soviele verschiedene kleine Lästigkeiten auftauchen. Aber vielleicht hast du ja bessere Neuigkeiten für mich?! Ich bedanke mich schon mal für die Hilfe.
__________________
Alt 01.06.2012, 06:17   #4
kira
/// Helfer-Team
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Systemreinigung und Prüfung:

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8b0d31e7-0331-43cc-87cd-a472317f1305}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb010YYat_ZKxdm604YYat&ptb=BF440357-C679-4203-BB69-37091495D1D2&psa=&ind=2011010713&ptnrS=ZNzfb010YYat_ZKxdm604YYat&si=&st=sb&n=77dd9699&searchfor={sea rchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={i nputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_deAT484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.04.05 01:49:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com
[2010.06.30 22:46:44 | 000,002,333 | ---- | M] () -- C:\Users\HOPSI\AppData\Roaming\Mozilla\Firefox\Profiles\dvboq4hq.default\searchplugins\askcom.xml
[2010.01.13 19:16:11 | 000,000,881 | ---- | M] () -- C:\Users\HOPSI\AppData\Roaming\Mozilla\Firefox\Profiles\dvboq4hq.default\searchplugins\conduit.xml
File not found (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
O2 - BHO: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{09e4315c-b7e9-11de-a613-d02839127291}\Shell - "" = AutoRun
O33 - MountPoints2\{09e4315c-b7e9-11de-a613-d02839127291}\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2012.05.31 15:56:24 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.31 15:52:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006UA.job
[2012.05.31 12:32:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.30 21:52:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006Core.job
[2012.05.30 21:47:13 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006UA.job
[2012.05.30 21:47:12 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006Core.job
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:9E3E060F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:73AFBB96
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:AABCC5A7
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMPFC3B090
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:0F2BA284
@Alternate Data Stream - 470 bytes -> C:\Users\HOPSI\Documents\fb.eml:OECustomProperty
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CAF8DAC8
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8BFA0030
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:40EE25BB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:386B39C3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP390A6A7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C76CFF82
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:23834E1E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E6C6EB3B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C48A983C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A0921B2C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:79875988
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C7F08EA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0EC7A545
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CAC06C34
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:526B3022
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EE39C93C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMPC0B1070
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36B1175
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B64F7263
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:943E8182
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5D10C56A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FC70A22A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A5241382
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:89CF6F9C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:609CAC7C
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:123A86B5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:88A44CC1
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:864881BF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5FA4CB99
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3651A580
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:65AB2A58
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:55E1514E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2BFCDF84
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:26A148EB
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1C6CB897
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:14A1BBE3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:BF6A2C54
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B8EB1B99
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:8924043A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1181620C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EAF954B6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EA10407C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E2CB42C9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:896E1EFF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7881FECE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6FD3C973
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:43E95997
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:19474103
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9E76E7F3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9A7BF72D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7A032A04
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:488F7244
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F8F070C2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:EC855C73
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP46ECFD5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AFB24B00
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AED33A42
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:98982C88
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:51E1A4D8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:42A3BDD7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3AD6342E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0DFE2AE1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F3EFA8A8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A6D89509
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9EE6560D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:90865A6D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:71004506
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4FA837B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:405D842B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2E3F04BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FC8FFA4E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C7973317
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BB71BBA2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7E082023
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:74B9EA7F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3E200C29
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1B7E2022
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMPE875C30
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP5E0200E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C8AC644A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:895A78C5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7ADB695A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:627153F1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4F7FE589
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPE47A3DA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP8D58038
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP2C57161
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B60D5127
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5CE91C67
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4DCAC4BC
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2495D97A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:1CDEDE11
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:072F1F69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0696EC8E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:008586AE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9B721CFF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:842B0AED
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:69AF9D20
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:61F0C8FB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMPD04902E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMPC21D414
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A2FF62A6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A0CB43B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:71112705
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3815BC84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0E636D62
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMPE6EED8B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B0456F0C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9E9A3410
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:99B20AD0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:961B84C5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4E243396
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2871B698
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC2D0F32
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CA8D6B60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AAA06E15
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:93D985FC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:918B7566
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:17C48B08
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F5B51004
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E7B49FBF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3B5F2D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP055FC10
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B1786630
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4A906D4A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1392F09D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E895790F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3CEEC4C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7547DA5B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63B38619
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3DB6F365
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:237E4B91
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5FFC2819
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3D6B89CE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:275AA066
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:054F0F17
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C30487EE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B2735F9E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3C282BEA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BE6B5FC3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B904C348
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8BA6C9F8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7CA7BED1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:55818279
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4DDE401B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A60D0FA6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:94B46CA2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1B927722
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FAFEC4B9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EF0C5444
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMPE9F4320
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:BF6C81B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:9A6EBBF2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7C412B92
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0D278FB5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:07241935
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:067F588D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5B6F7F60
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5197985B
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:29F0CA7D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F42B5B0E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E411AA0D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CEF2A14E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4FE30352
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:39C7B7C6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMPF0BC727
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP507B5A8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:409A775B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:12D2EB9C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E51234A9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP0668210
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:BDCD8531
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:A3251D01
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9398DBB4
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4FE42FFC
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4573A78F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:80B291A7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:3E988A0F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:124B94C0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP92485C9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:BA05E0C4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:6E86D926
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:57B2B96C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5A437AC3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP48500F8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C0A9D0E7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:B2CD146E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:7776B809
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:6444B424
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:55BB2521
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8E7F155B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:82529191
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B

:Files
C:\Users\HOPSI\AppData\Roaming\pdfforge
C:\Windows\System32\pdfcmon.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java für 32 Bit Version 6 Update 32 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

3.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

4.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

7.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Alt 01.06.2012, 15:36   #5
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Also Schritt für Schritt:

zu 1.
+) Änderungen hab ich keine vorgenommen
+) Fixen mit OTL erledigt, hier das Ergebnis:

Zitat:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8b0d31e7-0331-43cc-87cd-a472317f1305}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b0d31e7-0331-43cc-87cd-a472317f1305}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\Mozilla\Firefox\Profiles\dvboq4hq.default\searchplugins\askcom.xml moved successfully.
C:\Users\HOPSI\AppData\Roaming\Mozilla\Firefox\Profiles\dvboq4hq.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09e4315c-b7e9-11de-a613-d02839127291}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09e4315c-b7e9-11de-a613-d02839127291}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09e4315c-b7e9-11de-a613-d02839127291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09e4315c-b7e9-11de-a613-d02839127291}\ not found.
File G:\AutoRun.exe not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006UA.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006Core.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006UA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1457105073-1478914729-850536785-1006Core.job not found.
ADS C:\ProgramData\TEMP:9E3E060F deleted successfully.
ADS C:\ProgramData\TEMP:92A815D8 deleted successfully.
ADS C:\ProgramData\TEMP:73AFBB96 deleted successfully.
ADS C:\ProgramData\TEMP:E945C214 deleted successfully.
ADS C:\ProgramData\TEMP:AABCC5A7 deleted successfully.
ADS C:\ProgramData\TEMP:5BC73C48 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPFC3B090 .
ADS C:\ProgramData\TEMP:0F2BA284 deleted successfully.
Unable to delete ADS C:\Users\HOPSI\Documents\fb.eml:OECustomProperty .
ADS C:\ProgramData\TEMP:5345C8F6 deleted successfully.
ADS C:\ProgramData\TEMP:E690114B deleted successfully.
ADS C:\ProgramData\TEMP:AE75CCC8 deleted successfully.
ADS C:\ProgramData\TEMP:89C28CF6 deleted successfully.
ADS C:\ProgramData\TEMP:3D186293 deleted successfully.
ADS C:\ProgramData\TEMP:CAF8DAC8 deleted successfully.
ADS C:\ProgramData\TEMP:EEB25EAE deleted successfully.
ADS C:\ProgramData\TEMP:8BFA0030 deleted successfully.
ADS C:\ProgramData\TEMP:40EE25BB deleted successfully.
ADS C:\ProgramData\TEMP:386B39C3 deleted successfully.
ADS C:\ProgramData\TEMP:28CDD861 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP390A6A7 .
ADS C:\ProgramData\TEMP:C76CFF82 deleted successfully.
ADS C:\ProgramData\TEMP:23834E1E deleted successfully.
ADS C:\ProgramData\TEMP:E6C6EB3B deleted successfully.
ADS C:\ProgramData\TEMP:C48A983C deleted successfully.
ADS C:\ProgramData\TEMP:A0921B2C deleted successfully.
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
ADS C:\ProgramData\TEMP:79875988 deleted successfully.
ADS C:\ProgramData\TEMP:EF5B3572 deleted successfully.
ADS C:\ProgramData\TEMP:C7F08EA3 deleted successfully.
ADS C:\ProgramData\TEMP:3969ACF7 deleted successfully.
ADS C:\ProgramData\TEMP:0EC7A545 deleted successfully.
ADS C:\ProgramData\TEMP:CAC06C34 deleted successfully.
ADS C:\ProgramData\TEMP:834DD57E deleted successfully.
ADS C:\ProgramData\TEMP:53DF4438 deleted successfully.
ADS C:\ProgramData\TEMP:526B3022 deleted successfully.
ADS C:\ProgramData\TEMP:1C201DEB deleted successfully.
ADS C:\ProgramData\TEMP:EE39C93C deleted successfully.
ADS C:\ProgramData\TEMP:E7B4296D deleted successfully.
ADS C:\ProgramData\TEMP:E14FA16F deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPC0B1070 .
ADS C:\ProgramData\TEMP:C36B1175 deleted successfully.
ADS C:\ProgramData\TEMP:B64F7263 deleted successfully.
ADS C:\ProgramData\TEMP:943E8182 deleted successfully.
ADS C:\ProgramData\TEMP:61AF2B29 deleted successfully.
ADS C:\ProgramData\TEMP:5D10C56A deleted successfully.
ADS C:\ProgramData\TEMP:3B454A5C deleted successfully.
ADS C:\ProgramData\TEMP:0BBF232A deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:9FD757A9 deleted successfully.
ADS C:\ProgramData\TEMP:6017A808 deleted successfully.
ADS C:\ProgramData\TEMP:491270B8 deleted successfully.
ADS C:\ProgramData\TEMP:FC70A22A deleted successfully.
ADS C:\ProgramData\TEMP:E9FAC3AB deleted successfully.
ADS C:\ProgramData\TEMP:B54E4B5A deleted successfully.
ADS C:\ProgramData\TEMP:A5241382 deleted successfully.
ADS C:\ProgramData\TEMP:89CF6F9C deleted successfully.
ADS C:\ProgramData\TEMP:609CAC7C deleted successfully.
ADS C:\ProgramData\TEMP:2DF54B62 deleted successfully.
ADS C:\ProgramData\TEMP:123A86B5 deleted successfully.
ADS C:\ProgramData\TEMP:91DEEE71 deleted successfully.
ADS C:\ProgramData\TEMP:88A44CC1 deleted successfully.
ADS C:\ProgramData\TEMP:864881BF deleted successfully.
ADS C:\ProgramData\TEMP:700B9342 deleted successfully.
ADS C:\ProgramData\TEMP:5FA4CB99 deleted successfully.
ADS C:\ProgramData\TEMP:3651A580 deleted successfully.
ADS C:\ProgramData\TEMP:041C0562 deleted successfully.
ADS C:\ProgramData\TEMP:E80802C7 deleted successfully.
ADS C:\ProgramData\TEMP:AA0017FD deleted successfully.
ADS C:\ProgramData\TEMP:A819A132 deleted successfully.
ADS C:\ProgramData\TEMP:65AB2A58 deleted successfully.
ADS C:\ProgramData\TEMP:59465B40 deleted successfully.
ADS C:\ProgramData\TEMP:55E1514E deleted successfully.
ADS C:\ProgramData\TEMP:2BFCDF84 deleted successfully.
ADS C:\ProgramData\TEMP:26A148EB deleted successfully.
ADS C:\ProgramData\TEMP:1C6CB897 deleted successfully.
ADS C:\ProgramData\TEMP:14A1BBE3 deleted successfully.
ADS C:\ProgramData\TEMP:FED25C29 deleted successfully.
ADS C:\ProgramData\TEMP:BF6A2C54 deleted successfully.
ADS C:\ProgramData\TEMP:B8EB1B99 deleted successfully.
ADS C:\ProgramData\TEMP:A5584049 deleted successfully.
ADS C:\ProgramData\TEMP:8BE7A048 deleted successfully.
ADS C:\ProgramData\TEMP:8924043A deleted successfully.
ADS C:\ProgramData\TEMP:737160C1 deleted successfully.
ADS C:\ProgramData\TEMP:551BED5F deleted successfully.
ADS C:\ProgramData\TEMP:1181620C deleted successfully.
ADS C:\ProgramData\TEMP:FDDD8917 deleted successfully.
ADS C:\ProgramData\TEMP:EAF954B6 deleted successfully.
ADS C:\ProgramData\TEMP:EA10407C deleted successfully.
ADS C:\ProgramData\TEMP:E2CB42C9 deleted successfully.
ADS C:\ProgramData\TEMP:896E1EFF deleted successfully.
ADS C:\ProgramData\TEMP:7881FECE deleted successfully.
ADS C:\ProgramData\TEMP:6FD3C973 deleted successfully.
ADS C:\ProgramData\TEMP:4A448DB2 deleted successfully.
ADS C:\ProgramData\TEMP:43E95997 deleted successfully.
ADS C:\ProgramData\TEMP:2AE74FF9 deleted successfully.
ADS C:\ProgramData\TEMP:19474103 deleted successfully.
ADS C:\ProgramData\TEMP:FAB64002 deleted successfully.
ADS C:\ProgramData\TEMP:B3196E8D deleted successfully.
ADS C:\ProgramData\TEMP:A7DA2BCD deleted successfully.
ADS C:\ProgramData\TEMP:9E76E7F3 deleted successfully.
ADS C:\ProgramData\TEMP:9A7BF72D deleted successfully.
ADS C:\ProgramData\TEMP:80F63EC3 deleted successfully.
ADS C:\ProgramData\TEMP:7A0EFE63 deleted successfully.
ADS C:\ProgramData\TEMP:7A032A04 deleted successfully.
ADS C:\ProgramData\TEMP:512E1728 deleted successfully.
ADS C:\ProgramData\TEMP:488F7244 deleted successfully.
ADS C:\ProgramData\TEMP:F8F070C2 deleted successfully.
ADS C:\ProgramData\TEMP:EC855C73 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP46ECFD5 .
ADS C:\ProgramData\TEMP:C928F3BE deleted successfully.
ADS C:\ProgramData\TEMP:AFB24B00 deleted successfully.
ADS C:\ProgramData\TEMP:AED33A42 deleted successfully.
ADS C:\ProgramData\TEMP:A88BE334 deleted successfully.
ADS C:\ProgramData\TEMP:9DF07E8F deleted successfully.
ADS C:\ProgramData\TEMP:98982C88 deleted successfully.
ADS C:\ProgramData\TEMP:80EA2EA3 deleted successfully.
ADS C:\ProgramData\TEMP:7972CF54 deleted successfully.
ADS C:\ProgramData\TEMP:6247E766 deleted successfully.
ADS C:\ProgramData\TEMP:51E1A4D8 deleted successfully.
ADS C:\ProgramData\TEMP:42A3BDD7 deleted successfully.
ADS C:\ProgramData\TEMP:3AD6342E deleted successfully.
ADS C:\ProgramData\TEMP:1B389835 deleted successfully.
ADS C:\ProgramData\TEMP:101708D3 deleted successfully.
ADS C:\ProgramData\TEMP:0DFE2AE1 deleted successfully.
ADS C:\ProgramData\TEMP:F3EFA8A8 deleted successfully.
ADS C:\ProgramData\TEMP:EDC744FB deleted successfully.
ADS C:\ProgramData\TEMP:C10635F6 deleted successfully.
ADS C:\ProgramData\TEMP:A6D89509 deleted successfully.
ADS C:\ProgramData\TEMP:A6D6E537 deleted successfully.
ADS C:\ProgramData\TEMP:9EE6560D deleted successfully.
ADS C:\ProgramData\TEMP:90865A6D deleted successfully.
ADS C:\ProgramData\TEMP:8944C195 deleted successfully.
ADS C:\ProgramData\TEMP:870649A4 deleted successfully.
ADS C:\ProgramData\TEMP:71004506 deleted successfully.
ADS C:\ProgramData\TEMP:61B54B15 deleted successfully.
ADS C:\ProgramData\TEMP:4FA837B4 deleted successfully.
ADS C:\ProgramData\TEMP:405D842B deleted successfully.
ADS C:\ProgramData\TEMP:3B812EE0 deleted successfully.
ADS C:\ProgramData\TEMP:315B4A13 deleted successfully.
ADS C:\ProgramData\TEMP:2E3F04BC deleted successfully.
ADS C:\ProgramData\TEMP:25249477 deleted successfully.
ADS C:\ProgramData\TEMP:FC8FFA4E deleted successfully.
ADS C:\ProgramData\TEMP:C7973317 deleted successfully.
ADS C:\ProgramData\TEMP:C0893153 deleted successfully.
ADS C:\ProgramData\TEMP:BB71BBA2 deleted successfully.
ADS C:\ProgramData\TEMP:7E082023 deleted successfully.
ADS C:\ProgramData\TEMP:74B9EA7F deleted successfully.
ADS C:\ProgramData\TEMP:6BFA43EB deleted successfully.
ADS C:\ProgramData\TEMP:6425A235 deleted successfully.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
ADS C:\ProgramData\TEMP:4C528C86 deleted successfully.
ADS C:\ProgramData\TEMP:3E200C29 deleted successfully.
ADS C:\ProgramData\TEMP:1B7E2022 deleted successfully.
ADS C:\ProgramData\TEMP:0E684AC9 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPE875C30 .
Unable to delete ADS C:\ProgramData\TEMP5E0200E .
ADS C:\ProgramData\TEMP:C8AC644A deleted successfully.
ADS C:\ProgramData\TEMP:895A78C5 deleted successfully.
ADS C:\ProgramData\TEMP:7ADB695A deleted successfully.
ADS C:\ProgramData\TEMP:627153F1 deleted successfully.
ADS C:\ProgramData\TEMP:5520ED93 deleted successfully.
ADS C:\ProgramData\TEMP:4F7FE589 deleted successfully.
ADS C:\ProgramData\TEMP:38B32B54 deleted successfully.
ADS C:\ProgramData\TEMP:1D6B18F1 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPE47A3DA .
Unable to delete ADS C:\ProgramData\TEMP8D58038 .
Unable to delete ADS C:\ProgramData\TEMP31BE97C .
Unable to delete ADS C:\ProgramData\TEMP2C57161 .
ADS C:\ProgramData\TEMP:CD9109D4 deleted successfully.
ADS C:\ProgramData\TEMP:C5E2BAEE deleted successfully.
ADS C:\ProgramData\TEMP:B60D5127 deleted successfully.
ADS C:\ProgramData\TEMP:85C3B823 deleted successfully.
ADS C:\ProgramData\TEMP:7CEDF9F3 deleted successfully.
ADS C:\ProgramData\TEMP:697DDE2B deleted successfully.
ADS C:\ProgramData\TEMP:5CE91C67 deleted successfully.
ADS C:\ProgramData\TEMP:5C6EBC69 deleted successfully.
ADS C:\ProgramData\TEMP:52C24010 deleted successfully.
ADS C:\ProgramData\TEMP:4DCAC4BC deleted successfully.
ADS C:\ProgramData\TEMP:3539CD43 deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:2495D97A deleted successfully.
ADS C:\ProgramData\TEMP:1CDEDE11 deleted successfully.
ADS C:\ProgramData\TEMP:072F1F69 deleted successfully.
ADS C:\ProgramData\TEMP:0696EC8E deleted successfully.
ADS C:\ProgramData\TEMP:008586AE deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:BE40C8A2 deleted successfully.
ADS C:\ProgramData\TEMP:9B721CFF deleted successfully.
ADS C:\ProgramData\TEMP:842B0AED deleted successfully.
ADS C:\ProgramData\TEMP:69AF9D20 deleted successfully.
ADS C:\ProgramData\TEMP:61F0C8FB deleted successfully.
ADS C:\ProgramData\TEMP:5080697C deleted successfully.
ADS C:\ProgramData\TEMP:EC0A74A1 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPD04902E .
Unable to delete ADS C:\ProgramData\TEMPC21D414 .
ADS C:\ProgramData\TEMP:A2FF62A6 deleted successfully.
ADS C:\ProgramData\TEMP:A0CB43B2 deleted successfully.
ADS C:\ProgramData\TEMP:9D03192E deleted successfully.
ADS C:\ProgramData\TEMP:9BAC4211 deleted successfully.
ADS C:\ProgramData\TEMP:98DFF516 deleted successfully.
ADS C:\ProgramData\TEMP:71612023 deleted successfully.
ADS C:\ProgramData\TEMP:71112705 deleted successfully.
ADS C:\ProgramData\TEMP:598E0FFA deleted successfully.
ADS C:\ProgramData\TEMP:48FEA089 deleted successfully.
ADS C:\ProgramData\TEMP:3815BC84 deleted successfully.
ADS C:\ProgramData\TEMP:0E636D62 deleted successfully.
ADS C:\ProgramData\TEMP:EA1919C7 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPE6EED8B .
ADS C:\ProgramData\TEMP:B845F669 deleted successfully.
ADS C:\ProgramData\TEMP:B0456F0C deleted successfully.
ADS C:\ProgramData\TEMP:9E9A3410 deleted successfully.
ADS C:\ProgramData\TEMP:99B20AD0 deleted successfully.
ADS C:\ProgramData\TEMP:996104FC deleted successfully.
ADS C:\ProgramData\TEMP:961B84C5 deleted successfully.
ADS C:\ProgramData\TEMP:6F0B6A5A deleted successfully.
ADS C:\ProgramData\TEMP:4E243396 deleted successfully.
ADS C:\ProgramData\TEMP:370E4EFB deleted successfully.
ADS C:\ProgramData\TEMP:2871B698 deleted successfully.
ADS C:\ProgramData\TEMP:FC2D0F32 deleted successfully.
ADS C:\ProgramData\TEMP:CA8D6B60 deleted successfully.
ADS C:\ProgramData\TEMP:BD9F7E4E deleted successfully.
ADS C:\ProgramData\TEMP:AAA06E15 deleted successfully.
ADS C:\ProgramData\TEMP:93D985FC deleted successfully.
ADS C:\ProgramData\TEMP:918B7566 deleted successfully.
ADS C:\ProgramData\TEMP:689AB7E9 deleted successfully.
ADS C:\ProgramData\TEMP:5EF1AD34 deleted successfully.
ADS C:\ProgramData\TEMP:4673E9EA deleted successfully.
ADS C:\ProgramData\TEMP:17C48B08 deleted successfully.
ADS C:\ProgramData\TEMP:16A4620C deleted successfully.
ADS C:\ProgramData\TEMP:F5B51004 deleted successfully.
ADS C:\ProgramData\TEMP:E7B49FBF deleted successfully.
ADS C:\ProgramData\TEMP:E3B5F2D1 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP055FC10 .
ADS C:\ProgramData\TEMP:B1786630 deleted successfully.
ADS C:\ProgramData\TEMP:7B52659E deleted successfully.
ADS C:\ProgramData\TEMP:53B8C5D2 deleted successfully.
ADS C:\ProgramData\TEMP:4A906D4A deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:1392F09D deleted successfully.
ADS C:\ProgramData\TEMP:E895790F deleted successfully.
ADS C:\ProgramData\TEMP:E3CEEC4C deleted successfully.
ADS C:\ProgramData\TEMP:E2CFA9CD deleted successfully.
ADS C:\ProgramData\TEMP:B8384DB6 deleted successfully.
ADS C:\ProgramData\TEMP:A58B27C9 deleted successfully.
ADS C:\ProgramData\TEMP:9ACB70D7 deleted successfully.
ADS C:\ProgramData\TEMP:8E5EA40F deleted successfully.
ADS C:\ProgramData\TEMP:7547DA5B deleted successfully.
ADS C:\ProgramData\TEMP:6BD304B9 deleted successfully.
ADS C:\ProgramData\TEMP:63B38619 deleted successfully.
ADS C:\ProgramData\TEMP:3DB6F365 deleted successfully.
ADS C:\ProgramData\TEMP:237E4B91 deleted successfully.
ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully.
ADS C:\ProgramData\TEMP:0AC32449 deleted successfully.
ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
ADS C:\ProgramData\TEMP:AECF4772 deleted successfully.
ADS C:\ProgramData\TEMP:5FFC2819 deleted successfully.
ADS C:\ProgramData\TEMP:3D6B89CE deleted successfully.
ADS C:\ProgramData\TEMP:3D36932D deleted successfully.
ADS C:\ProgramData\TEMP:2B1EA607 deleted successfully.
ADS C:\ProgramData\TEMP:2AF322BF deleted successfully.
ADS C:\ProgramData\TEMP:275AA066 deleted successfully.
ADS C:\ProgramData\TEMP:054F0F17 deleted successfully.
ADS C:\ProgramData\TEMP:C30487EE deleted successfully.
ADS C:\ProgramData\TEMP:BD27B7FC deleted successfully.
ADS C:\ProgramData\TEMP:B2735F9E deleted successfully.
ADS C:\ProgramData\TEMP:B1381B34 deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:6C5EC3CD deleted successfully.
ADS C:\ProgramData\TEMP:3E06C78F deleted successfully.
ADS C:\ProgramData\TEMP:3C282BEA deleted successfully.
ADS C:\ProgramData\TEMP:397D67BA deleted successfully.
ADS C:\ProgramData\TEMP:3086B95F deleted successfully.
ADS C:\ProgramData\TEMP:0F0A5896 deleted successfully.
ADS C:\ProgramData\TEMP:BE6B5FC3 deleted successfully.
ADS C:\ProgramData\TEMP:B904C348 deleted successfully.
ADS C:\ProgramData\TEMP:8BA6C9F8 deleted successfully.
ADS C:\ProgramData\TEMP:7CA7BED1 deleted successfully.
ADS C:\ProgramData\TEMP:55818279 deleted successfully.
ADS C:\ProgramData\TEMP:4DDE401B deleted successfully.
ADS C:\ProgramData\TEMP:B1FBA7E1 deleted successfully.
ADS C:\ProgramData\TEMP:A60D0FA6 deleted successfully.
ADS C:\ProgramData\TEMP:94B46CA2 deleted successfully.
ADS C:\ProgramData\TEMP:9491C9C7 deleted successfully.
ADS C:\ProgramData\TEMP:90D89144 deleted successfully.
ADS C:\ProgramData\TEMP:22313216 deleted successfully.
ADS C:\ProgramData\TEMP:1ECED34B deleted successfully.
ADS C:\ProgramData\TEMP:1B927722 deleted successfully.
ADS C:\ProgramData\TEMP:FAFEC4B9 deleted successfully.
ADS C:\ProgramData\TEMP:EF0C5444 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPE9F4320 .
ADS C:\ProgramData\TEMP:BF6C81B2 deleted successfully.
ADS C:\ProgramData\TEMP:9A6EBBF2 deleted successfully.
ADS C:\ProgramData\TEMP:7C412B92 deleted successfully.
ADS C:\ProgramData\TEMP:774A0E14 deleted successfully.
ADS C:\ProgramData\TEMP:0D278FB5 deleted successfully.
ADS C:\ProgramData\TEMP:07241935 deleted successfully.
ADS C:\ProgramData\TEMP:067F588D deleted successfully.
ADS C:\ProgramData\TEMP:8B4B9596 deleted successfully.
ADS C:\ProgramData\TEMP:7FCB9D0D deleted successfully.
ADS C:\ProgramData\TEMP:6FE17A89 deleted successfully.
ADS C:\ProgramData\TEMP:5B6F7F60 deleted successfully.
ADS C:\ProgramData\TEMP:5197985B deleted successfully.
ADS C:\ProgramData\TEMP:29F0CA7D deleted successfully.
ADS C:\ProgramData\TEMP:24FECE50 deleted successfully.
ADS C:\ProgramData\TEMP:F42B5B0E deleted successfully.
ADS C:\ProgramData\TEMP:E91ADC66 deleted successfully.
ADS C:\ProgramData\TEMP:E732B44B deleted successfully.
ADS C:\ProgramData\TEMP:E411AA0D deleted successfully.
ADS C:\ProgramData\TEMP:CEF2A14E deleted successfully.
ADS C:\ProgramData\TEMP:4FE30352 deleted successfully.
ADS C:\ProgramData\TEMP:43982D5E deleted successfully.
ADS C:\ProgramData\TEMP:39C7B7C6 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPF0BC727 .
Unable to delete ADS C:\ProgramData\TEMP507B5A8 .
ADS C:\ProgramData\TEMP:C8E82994 deleted successfully.
ADS C:\ProgramData\TEMP:409A775B deleted successfully.
ADS C:\ProgramData\TEMP:3C5ABDC7 deleted successfully.
ADS C:\ProgramData\TEMP:12D2EB9C deleted successfully.
ADS C:\ProgramData\TEMP:E51234A9 deleted successfully.
ADS C:\ProgramData\TEMP:7A0FEE87 deleted successfully.
ADS C:\ProgramData\TEMP:5E9B629B deleted successfully.
ADS C:\ProgramData\TEMP:3FD496E1 deleted successfully.
ADS C:\ProgramData\TEMP:331B76C7 deleted successfully.
ADS C:\ProgramData\TEMP:2E49FF93 deleted successfully.
ADS C:\ProgramData\TEMP:109734F6 deleted successfully.
ADS C:\ProgramData\TEMP:0ED4AC2F deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP0668210 .
ADS C:\ProgramData\TEMP:BDCD8531 deleted successfully.
ADS C:\ProgramData\TEMP:A3251D01 deleted successfully.
ADS C:\ProgramData\TEMP:50636E35 deleted successfully.
ADS C:\ProgramData\TEMP:43301D1D deleted successfully.
ADS C:\ProgramData\TEMP:090FB735 deleted successfully.
ADS C:\ProgramData\TEMP:97C4F81F deleted successfully.
ADS C:\ProgramData\TEMP:9398DBB4 deleted successfully.
ADS C:\ProgramData\TEMP:78E0DF72 deleted successfully.
ADS C:\ProgramData\TEMP:561B1D2B deleted successfully.
ADS C:\ProgramData\TEMP:523B97A0 deleted successfully.
ADS C:\ProgramData\TEMP:08D8BB20 deleted successfully.
ADS C:\ProgramData\TEMP:4FE42FFC deleted successfully.
ADS C:\ProgramData\TEMP:4573A78F deleted successfully.
ADS C:\ProgramData\TEMP:FC4EA67C deleted successfully.
ADS C:\ProgramData\TEMP:848CC150 deleted successfully.
ADS C:\ProgramData\TEMP:80B291A7 deleted successfully.
ADS C:\ProgramData\TEMP:3E988A0F deleted successfully.
ADS C:\ProgramData\TEMP:2BC498A4 deleted successfully.
ADS C:\ProgramData\TEMP:124B94C0 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP92485C9 .
ADS C:\ProgramData\TEMP:BA05E0C4 deleted successfully.
ADS C:\ProgramData\TEMP:6E86D926 deleted successfully.
ADS C:\ProgramData\TEMP:5D351BC6 deleted successfully.
ADS C:\ProgramData\TEMP:57B2B96C deleted successfully.
ADS C:\ProgramData\TEMP:569CEE83 deleted successfully.
ADS C:\ProgramData\TEMP:40D8F125 deleted successfully.
ADS C:\ProgramData\TEMP:95198126 deleted successfully.
ADS C:\ProgramData\TEMP:5A437AC3 deleted successfully.
ADS C:\ProgramData\TEMP:53DF59D1 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP48500F8 .
ADS C:\ProgramData\TEMP:CB0EB1DE deleted successfully.
ADS C:\ProgramData\TEMP:C0A9D0E7 deleted successfully.
ADS C:\ProgramData\TEMP:B2CD146E deleted successfully.
ADS C:\ProgramData\TEMP:7776B809 deleted successfully.
ADS C:\ProgramData\TEMP:6444B424 deleted successfully.
ADS C:\ProgramData\TEMP:177313FB deleted successfully.
ADS C:\ProgramData\TEMP:ED810E46 deleted successfully.
ADS C:\ProgramData\TEMP:E32966C0 deleted successfully.
ADS C:\ProgramData\TEMP:C07A6A6B deleted successfully.
ADS C:\ProgramData\TEMP:55BB2521 deleted successfully.
ADS C:\ProgramData\TEMP:225CD7D5 deleted successfully.
ADS C:\ProgramData\TEMP:F14D1F80 deleted successfully.
ADS C:\ProgramData\TEMP:8E7F155B deleted successfully.
ADS C:\ProgramData\TEMP:82529191 deleted successfully.
ADS C:\ProgramData\TEMP:27D1368B deleted successfully.
========== FILES ==========
C:\Users\HOPSI\AppData\Roaming\pdfforge\PDFArchitect folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\pdfforge folder moved successfully.
C:\Windows\System32\pdfcmon.dll moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\HOPSI\Saubermacher\cmd.bat deleted successfully.
C:\Users\HOPSI\Saubermacher\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HOPSI
->Temp folder emptied: 2378393800 bytes
->Temporary Internet Files folder emptied: 43728183 bytes
->Java cache emptied: 5360894 bytes
->FireFox cache emptied: 56433260 bytes
->Google Chrome cache emptied: 128900337 bytes
->Flash cache emptied: 1157735 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120463939 bytes
RecycleBin emptied: 345493 bytes

Total Files Cleaned = 2.608,00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 06012012_161132

Files\Folders moved on Reboot...
C:\Windows\temp\TMP000000015177659A76C52EB2 moved successfully.

Registry entries deleted on Reboot...
Ich arbeite dann mal weiter an den Aufträgen.


Alt 01.06.2012, 16:01   #6
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


zu 2.

+) Java Version 6 Update 32 installiert

Nun öffnet sich bei jedem Öffnen des IE oder auch nur eines neuen Tabs ein Fenster der Benutzerkonntensteuerung, die meine Zustimmung zum Fortsetzen fordert.


zu 3.

+) Beim Öffnen des IE erscheint nach wie vor folgendes Fenster:
Miniaturansicht angehängter Grafiken
Malwarebytes - Fund-screenie.jpg  

Alt 01.06.2012, 18:10   #7
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


zu 4.

+) Nach Beheben der Fehler ist folgendes wieder aufgetaucht:

Zitat:
Ungenutzte Datei-Endungen .Images2PDF - pdfforge Images2PDF HKCR\.Images2PDF
Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

zu 5.

+) hier das Ergebnis:

Zitat:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2012 at 06:36 PM

Application Version : 5.0.1150

Core Rules Database Version : 8669
Trace Rules Database Version: 6481

Scan type : Complete Scan
Total Scan Time : 01:19:18

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 35136
Registry threats detected : 0
File items scanned : 92029
File threats detected : 1

Adware.Tracking Cookie
C:\USERS\HOPSI\AppData\Roaming\Microsoft\Windows\Cookies\Low\EA3FYRM3.txt [ Cookie:hopsi@doubleclick.net/ ]
Passt das so? Ich konnte nämlich den Anweisungen nach dem Scan nicht exakt folgen, da die Abfolge eine andere war und "Präferenzen" beispielsweise hab ich gar nicht gesehen.

Also weiter im Text...

zu 6.

+) Eine Autorun.inf-Warnung krieg ich beinah stündlich von Avira, hatte ich vergessen zu erwähnen. Muss ich jetzt alle Autoruns löschen? Wenn ja, wie mach ich das? Die Warnung sieht so aus:

Zitat:
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Datei 'D:\Autorun.inf' blockiert.

zu 7.

+) ESET hat nichts gefunden, weder intern noch extern.

So, ich arbeite weiter...

zu 8.

+) Ergebnis hier:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.06.2012 23:43:40 - Run 2
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\HOPSI\Saubermacher
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 55,15% Memory free
3,99 Gb Paging File | 2,91 Gb Available in Paging File | 73,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,74 Gb Total Space | 162,51 Gb Free Space | 72,63% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,75 Gb Free Space | 9,88% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTKIND-PC | User Name: HOPSI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.31 16:32:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOPSI\Saubermacher\OTL.exe
PRC - [2012.05.30 23:04:24 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.05.21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.10.23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.02.07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007.02.06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.01 18:51:36 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.01 18:51:36 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.01 17:14:48 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.01 17:14:47 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.05.30 23:28:44 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.02.02 18:01:32 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.30 23:04:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.10.23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess)
SRV - [2007.02.07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.02.06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.06.22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 02:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.19 07:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.04.10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.02.02 18:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:12 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{7D5BAD03-414A-4CFA-B7D9-C70E26C59610}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2009.12.25 00:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Extensions
[2009.11.20 15:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.06.01 16:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions
[2011.05.22 14:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.04.05 01:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.14 16:44:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.25 22:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOPSI\AppData\Roaming\mozilla\Firefox\Profiles\dvboq4hq.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.01 14:11:36 | 000,342,516 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011.05.24 14:29:48 | 000,207,859 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011.04.05 01:50:14 | 000,348,376 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
[2011.06.01 14:11:36 | 000,059,667 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2011.04.05 01:50:27 | 000,739,428 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011.05.24 14:29:48 | 000,594,137 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.05.22 14:08:21 | 000,300,553 | ---- | M] () (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
File not found (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2009.06.24 01:47:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HOPSI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\HOPSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\HOPSI\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HOPSI\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Legends%20-%20Sleepy%20Hollow/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABCB6CD-81B2-4172-B0F3-B3AB3CDB32A5}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABCB6CD-81B2-4172-B0F3-B3AB3CDB32A5}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 19:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 17:14:28 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.01 17:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.01 17:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.01 17:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.01 16:44:08 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.01 16:44:07 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.01 16:44:07 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.01 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.01 16:11:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.31 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\PDFC
[2012.05.31 15:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
[2012.05.31 15:12:19 | 000,015,368 | ---- | C] (PDF Complete, Inc.) -- C:\Windows\System32\pdfc_port.dll
[2012.05.31 15:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Complete
[2012.05.31 15:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012.05.31 14:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2012.05.31 14:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.05.31 14:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.05.31 14:51:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.05.31 14:51:17 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.05.31 14:51:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.05.31 14:51:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.05.31 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.05.31 02:22:18 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Avira
[2012.05.31 02:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.31 02:20:19 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.31 02:20:19 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.31 02:20:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.31 02:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.31 02:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.31 00:29:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.05.31 00:29:00 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.05.31 00:28:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.05.31 00:28:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.05.31 00:28:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.05.31 00:28:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.31 00:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.31 00:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.31 00:00:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 23:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.30 23:57:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.30 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.30 23:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.30 23:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.30 23:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012.05.30 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.05.30 23:50:45 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\OpenCandy
[2012.05.30 23:49:50 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.30 23:49:50 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.30 23:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.30 23:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.05.30 23:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.05.30 23:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.30 23:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.30 23:31:27 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.05.30 23:28:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.05.30 23:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.05.30 23:12:01 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2012.05.30 23:12:01 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2012.05.30 23:11:47 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.30 23:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012.05.30 23:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.30 23:04:24 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.30 23:04:24 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.30 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.05.30 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.30 22:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.30 22:27:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.05.30 22:27:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.05.30 22:27:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.05.30 22:27:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.05.30 22:27:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.05.30 22:27:15 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.05.30 22:27:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.05.30 22:27:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.05.30 22:27:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.05.30 22:27:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.05.30 22:27:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.05.30 22:27:14 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.05.30 22:27:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.05.30 22:27:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.05.30 22:27:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.05.30 22:27:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.05.30 22:27:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.05.30 22:27:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.05.30 22:27:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.05.30 22:27:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.05.30 22:27:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.05.30 22:27:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.05.30 22:27:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.05.30 22:27:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.05.30 22:27:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.05.30 22:27:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.05.30 22:27:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.05.30 22:27:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.05.30 22:27:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.05.30 22:27:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.05.30 22:27:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.05.30 21:48:46 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.30 21:37:54 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\Saubermacher
[2012.05.29 00:45:03 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Malwarebytes
[2012.05.29 00:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.27 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\CrashDumps
[2012.05.16 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\Deployment
[2012.05.16 15:16:55 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Local\Apps
[2012.05.16 08:16:34 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Hdha
[2012.05.09 12:36:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 12:36:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 12:36:56 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.09 12:36:39 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 12:36:39 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 12:36:38 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 12:36:38 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 12:36:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.08 18:47:01 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\Documents\Befunde & Gutachten
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 23:21:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 22:47:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 22:47:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 21:43:47 | 000,639,026 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.01 21:43:47 | 000,604,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.01 21:43:47 | 000,130,946 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.01 21:43:47 | 000,108,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.01 18:47:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 18:45:59 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.01 17:13:34 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.01 01:16:27 | 000,400,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.31 16:30:56 | 000,000,000 | ---- | M] () -- C:\Users\HOPSI\defogger_reenable
[2012.05.31 14:59:31 | 000,000,988 | ---- | M] () -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.05.31 02:20:44 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.31 00:00:54 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 23:52:46 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.30 23:49:55 | 000,000,992 | ---- | M] () -- C:\Users\HOPSI\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.30 23:31:00 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.05.30 23:31:00 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.05.30 23:04:24 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.30 23:04:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.30 22:49:21 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 22:27:25 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.05.30 22:27:25 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.05.30 22:27:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.05.30 22:27:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.05.30 22:27:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.05.30 22:27:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.05.30 22:27:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.05.30 22:27:15 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.05.30 22:27:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.05.30 22:27:15 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.05.30 22:27:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.05.30 22:27:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.05.30 22:27:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.05.30 22:27:14 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.05.30 22:27:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.05.30 22:27:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.05.30 22:27:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.05.30 22:27:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.05.30 22:27:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.05.30 22:27:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.05.30 22:27:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.05.30 22:27:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.05.30 22:27:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.05.30 22:27:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.05.30 22:27:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.05.30 22:27:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.05.30 22:27:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.05.30 22:27:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.05.30 22:27:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.05.30 22:27:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.05.30 22:27:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.05.30 22:27:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.05.30 22:27:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.05.30 22:27:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.01 17:13:34 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.31 16:30:56 | 000,000,000 | ---- | C] () -- C:\Users\HOPSI\defogger_reenable
[2012.05.31 14:59:31 | 000,000,988 | ---- | C] () -- C:\Users\HOPSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.05.31 02:20:44 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.31 00:00:54 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 23:52:46 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.30 23:49:55 | 000,000,992 | ---- | C] () -- C:\Users\HOPSI\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.30 23:45:21 | 000,000,840 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.05.30 23:04:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.30 23:02:08 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.30 22:49:21 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 22:27:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.03 14:11:54 | 000,220,948 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
 
========== LOP Check ==========
 
[2011.06.12 10:17:18 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\1&1 Mail & Media GmbH
[2009.03.27 19:00:16 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\7Wonders
[2009.03.15 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Abra Academy
[2009.03.17 00:29:04 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Abra Academy2
[2009.10.03 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ACD Systems
[2009.11.26 00:19:07 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Aisle 5 Games, Inc
[2009.11.30 01:22:35 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Artogon
[2009.11.10 23:20:41 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Azuaz Games
[2010.07.05 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Big Fish Games
[2010.01.03 01:28:53 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\blg
[2009.03.01 23:28:10 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\BloodTies
[2009.04.09 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\cerasus.media
[2009.03.21 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Coyotes Tale
[2009.12.27 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Cuttermaran
[2009.12.13 23:38:54 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Dekovir
[2009.08.24 20:00:53 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Dragon Altar Games
[2009.11.17 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\DriverCure
[2012.05.30 23:50:44 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\DVDVideoSoft
[2012.05.30 23:50:10 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.12 01:27:46 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Elephant Games
[2012.02.13 09:18:08 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Enki Games
[2009.11.28 22:56:36 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ERS G-Studio
[2009.12.24 22:42:17 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\FlashGet
[2010.07.06 00:30:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Flood Light Games
[2009.03.15 18:17:29 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\FloodLightGames
[2010.07.05 23:19:36 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\FlyWheelGames
[2009.11.08 20:48:25 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Friday's games
[2012.02.08 04:44:34 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Frogwares
[2009.02.20 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gaijin Ent
[2009.11.26 00:13:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\GameInvest
[2010.07.16 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gamers Digital
[2009.10.27 00:18:37 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Games
[2009.11.07 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\GAMESHASTRA
[2009.03.22 17:40:35 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gogii Games
[2009.12.03 22:29:22 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Gold Casual Games
[2011.02.09 19:23:36 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\gtk-2.0
[2012.05.16 14:13:48 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Hdha
[2008.09.11 02:19:05 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Hewlett Packard
[2009.10.10 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\HiT-MM
[2012.03.05 00:56:04 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\HitPoint Studios
[2008.09.11 02:44:25 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\InterVideo
[2009.11.29 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Island
[2010.01.16 17:43:28 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ITTNord
[2010.02.20 21:21:17 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\JewelMatch2
[2009.02.28 22:49:40 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Legends of pirates
[2010.01.13 18:19:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\LimeWire
[2009.11.08 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Little Games Company
[2010.07.08 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Lost in the City
[2010.07.05 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\MA
[2009.03.22 22:41:39 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Magic Academy
[2009.10.20 23:22:44 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Meridian93
[2010.02.10 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Merscom
[2009.03.28 00:22:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Mushroom Age
[2012.03.10 09:33:56 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\My Games
[2009.08.06 00:18:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Mysteryville2
[2012.05.30 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\OpenCandy
[2008.12.05 22:08:38 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\OpenOffice.org
[2009.10.15 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\panoramik
[2009.12.07 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Ph03nixNewMedia
[2012.02.22 01:43:37 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\PlayFirst
[2010.10.30 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\PoBros
[2009.11.10 00:41:27 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Princess Isabella
[2009.03.22 01:52:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\RobinsonCrusoeBFGDE
[2009.12.27 16:08:45 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SampleView
[2009.09.24 16:44:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Schmap
[2009.02.23 06:45:02 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SecretIslandDeuBF
[2009.11.05 01:52:16 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SerpentOfIsis
[2009.11.06 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\she_is_a_shadow
[2009.10.15 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Skunk Studios
[2009.02.24 00:55:06 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SpinTop
[2010.02.10 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SprillBermudeDeu
[2010.02.20 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SprillRichiGerman
[2009.05.03 16:37:12 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Sudden Games
[2009.11.11 20:03:00 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SultansLabyrinth
[2009.11.05 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\SulusGames
[2009.08.05 00:00:51 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\TheScruffs
[2009.03.02 23:15:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\TMInc
[2009.12.06 14:23:29 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Total Eclipse
[2009.10.15 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Twintale Entertainment
[2012.05.31 02:09:56 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Uniblue
[2009.03.26 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\URSE Games
[2009.12.09 00:00:26 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\V-Games
[2009.10.17 19:36:45 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ValuSoft
[2009.10.08 23:12:23 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\ViquaSoft
[2012.02.24 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\Vogat Interactive
[2009.10.17 20:28:18 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\YoudaGames
[2008.09.11 02:27:19 | 000,000,000 | ---D | M] -- C:\Users\HOPSI\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}
[2012.06.01 18:46:02 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D390A6A7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:DC0B1070
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D46ECFD5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D5E0200E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D2C57161
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DC21D414
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DE6EED8B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DE9F4320
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D92485C9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D48500F8

< End of report >
--- --- ---


So, endlich fertig. Ich hoffe, ich hab alles richtig gemacht und du kannst damit arbeiten. Danke für deine Hilfe!

Alt 02.06.2012, 07:38   #8
kira
/// Helfer-Team
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Zitat:
Zitat von LeeLeeSob Beitrag anzeigen
+) Nach Beheben der Fehler ist folgendes wieder aufgetaucht:
Zitat:
Ungenutzte Datei-Endungen .Images2PDF - pdfforge Images2PDF HKCR\.Images2PDF
vlt nächstemal schon weg

Zitat:
Ungenutzte Datei-Endungen {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
Ok, stammt von Avira, nicht löschbar!

wegen Autorun:
schaue mal nach, ob bei "Autorun blockieren" ein Haken gesetzt?

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{7D5BAD03-414A-4CFA-B7D9-C70E26C59610}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
File not found (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
File not found (No name found) -- C:\USERS\HOPSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DVBOQ4HQ.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D390A6A7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:DC0B1070
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D46ECFD5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DE875C30
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D5E0200E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D2C57161
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DC21D414
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DE6EED8B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DE9F4320
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D92485C9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D48500F8

:Files
C:\Users\HOPSI\AppData\Roaming\LimeWire
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
kann ich nicht zuordnen, um was handelt es sich dabei ?:
Code:
ATTFilter
[2012.05.16 08:16:34 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Hdha
3.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Alt 02.06.2012, 13:44   #9
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Zitat:
Zitat von kira Beitrag anzeigen
vlt nächstemal schon weg
Hast recht, alles weg.

Zitat:
Zitat von kira Beitrag anzeigen
wegen Autorun:
schaue mal nach, ob bei "Autorun blockieren" ein Haken gesetzt?
Wo denn? *dummfrag*



2.
kann ich nicht zuordnen, um was handelt es sich dabei ?:
Code:
ATTFilter
[2012.05.16 08:16:34 | 000,000,000 | ---D | C] -- C:\Users\HOPSI\AppData\Roaming\Hdha
Ich habe nicht die leiseste Ahnung. *schäm*


Dann mach ich mich mal wieder an die Arbeit...


Fixen mit OTL:

Zitat:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D5BAD03-414A-4CFA-B7D9-C70E26C59610}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D5BAD03-414A-4CFA-B7D9-C70E26C59610}\ not found.
ADS C:\ProgramData\TEMPFC3B090 deleted successfully.
ADS C:\ProgramData\TEMP390A6A7 deleted successfully.
ADS C:\ProgramData\TEMPC0B1070 deleted successfully.
ADS C:\ProgramData\TEMP46ECFD5 deleted successfully.
ADS C:\ProgramData\TEMPE875C30 deleted successfully.
ADS C:\ProgramData\TEMP5E0200E deleted successfully.
ADS C:\ProgramData\TEMPE47A3DA deleted successfully.
ADS C:\ProgramData\TEMP8D58038 deleted successfully.
ADS C:\ProgramData\TEMP31BE97C deleted successfully.
ADS C:\ProgramData\TEMP2C57161 deleted successfully.
ADS C:\ProgramData\TEMPD04902E deleted successfully.
ADS C:\ProgramData\TEMPC21D414 deleted successfully.
ADS C:\ProgramData\TEMPE6EED8B deleted successfully.
ADS C:\ProgramData\TEMP055FC10 deleted successfully.
ADS C:\ProgramData\TEMPE9F4320 deleted successfully.
ADS C:\ProgramData\TEMPF0BC727 deleted successfully.
ADS C:\ProgramData\TEMP507B5A8 deleted successfully.
ADS C:\ProgramData\TEMP0668210 deleted successfully.
ADS C:\ProgramData\TEMP92485C9 deleted successfully.
ADS C:\ProgramData\TEMP48500F8 deleted successfully.
========== FILES ==========
C:\Users\HOPSI\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\themes folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\HOPSI\AppData\Roaming\LimeWire folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\HOPSI\Saubermacher\cmd.bat deleted successfully.
C:\Users\HOPSI\Saubermacher\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HOPSI
->Temp folder emptied: 1045864 bytes
->Temporary Internet Files folder emptied: 43635398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 82316578 bytes
->Flash cache emptied: 767 bytes

User: LeeLee
->Temp folder emptied: 65882 bytes
->Temporary Internet Files folder emptied: 299403 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119572403 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235,00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 06022012_145028

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
OTL-Scan

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.06.2012 15:04:13 - Run 3
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\HOPSI\Saubermacher
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 47,67% Memory free
3,99 Gb Paging File | 2,59 Gb Available in Paging File | 64,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,74 Gb Total Space | 161,16 Gb Free Space | 72,03% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,75 Gb Free Space | 9,88% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTKIND-PC | User Name: LeeLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.31 16:32:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\HOPSI\Saubermacher\OTL.exe
PRC - [2012.05.30 23:04:24 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.05.21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:48:48 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.10.23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007.02.07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007.02.06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.02 14:54:07 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.02 14:54:07 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.01 17:14:48 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.01 17:14:47 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.05.30 23:28:44 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.02.16 17:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.02.16 17:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.02.02 18:01:32 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.30 23:04:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009.10.23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 20:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess)
SRV - [2007.02.07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.02.06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.06.22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 02:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.04.11 06:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.19 07:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.04.10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.02.02 18:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:12 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Legends%20-%20Sleepy%20Hollow/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABCB6CD-81B2-4172-B0F3-B3AB3CDB32A5}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ABCB6CD-81B2-4172-B0F3-B3AB3CDB32A5}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol\Handler\schmap-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.02 01:35:21 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Roaming\ATI
[2012.06.02 01:35:21 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Local\ATI
[2012.06.02 01:35:13 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Roaming\Adobe
[2012.06.02 01:34:15 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Local\PDFC
[2012.06.02 01:34:09 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.02 01:34:09 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Searches
[2012.06.02 01:34:09 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.02 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Roaming\Identities
[2012.06.02 01:33:56 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Contacts
[2012.06.02 01:33:36 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Local\VirtualStore
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Vorlagen
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\AppData\Local\Verlauf
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\AppData\Local\Temporary Internet Files
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Startmenü
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\SendTo
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Recent
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Netzwerkumgebung
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Lokale Einstellungen
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Documents\Eigene Videos
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Documents\Eigene Musik
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Eigene Dateien
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Documents\Eigene Bilder
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Druckumgebung
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Cookies
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\AppData\Local\Anwendungsdaten
[2012.06.02 01:33:33 | 000,000,000 | -HSD | C] -- C:\Users\LeeLee\Anwendungsdaten
[2012.06.02 01:33:30 | 000,000,000 | --SD | C] -- C:\Users\LeeLee\AppData\Roaming\Microsoft
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Videos
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Saved Games
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Pictures
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Music
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Links
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Favorites
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Downloads
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Documents
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\Desktop
[2012.06.02 01:33:30 | 000,000,000 | R--D | C] -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.02 01:33:30 | 000,000,000 | -H-D | C] -- C:\Users\LeeLee\AppData
[2012.06.02 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Local\Temp
[2012.06.02 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Local\Microsoft Help
[2012.06.02 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Local\Microsoft
[2012.06.02 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Roaming\Macromedia
[2012.06.02 01:33:30 | 000,000,000 | ---D | C] -- C:\Users\LeeLee\AppData\Roaming\hpqLog
[2012.06.01 19:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 17:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.01 17:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.01 17:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.01 16:44:08 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.01 16:44:07 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.01 16:44:07 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.01 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.01 16:11:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.31 15:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
[2012.05.31 15:12:19 | 000,015,368 | ---- | C] (PDF Complete, Inc.) -- C:\Windows\System32\pdfc_port.dll
[2012.05.31 15:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Complete
[2012.05.31 15:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012.05.31 14:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2012.05.31 14:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.05.31 14:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.05.31 14:51:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.05.31 14:51:17 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.05.31 14:51:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.05.31 14:51:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.05.31 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.05.31 02:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.31 02:20:19 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.31 02:20:19 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.31 02:20:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.31 02:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.31 02:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.31 00:29:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.05.31 00:29:00 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.05.31 00:28:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.05.31 00:28:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.05.31 00:28:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.05.31 00:28:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.31 00:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.31 00:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.31 00:00:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.30 23:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.05.30 23:57:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.30 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.30 23:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.30 23:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.30 23:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012.05.30 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.05.30 23:49:50 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.30 23:49:50 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.30 23:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.30 23:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.05.30 23:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.05.30 23:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.30 23:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.30 23:31:27 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.05.30 23:28:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.05.30 23:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.05.30 23:12:01 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2012.05.30 23:12:01 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2012.05.30 23:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012.05.30 23:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.05.30 23:04:24 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.30 23:04:24 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.30 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.05.30 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.30 22:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.30 22:27:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.05.30 22:27:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.05.30 22:27:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.05.30 22:27:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.05.30 22:27:15 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.05.30 22:27:15 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.05.30 22:27:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.05.30 22:27:15 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.05.30 22:27:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.05.30 22:27:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.05.30 22:27:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.05.30 22:27:14 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.05.30 22:27:14 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.05.30 22:27:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.05.30 22:27:14 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.05.30 22:27:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.05.30 22:27:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.05.30 22:27:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.05.30 22:27:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.05.30 22:27:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.05.30 22:27:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.05.30 22:27:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.05.30 22:27:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.05.30 22:27:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.05.30 22:27:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.05.30 22:27:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.05.30 22:27:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.05.30 22:27:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.05.30 22:27:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.05.30 22:27:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.05.30 22:27:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.05.29 00:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.09 12:36:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 12:36:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 12:36:56 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.09 12:36:39 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 12:36:39 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 12:36:38 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 12:36:38 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 12:36:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.02 14:52:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 14:52:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 14:52:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 14:51:20 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.02 14:21:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 21:43:47 | 000,639,026 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.01 21:43:47 | 000,604,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.01 21:43:47 | 000,130,946 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.01 21:43:47 | 000,108,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.01 17:13:34 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.01 01:16:27 | 000,400,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.31 02:20:44 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.31 00:00:54 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 23:52:46 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.30 23:31:00 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.05.30 23:31:00 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.05.30 23:04:24 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.30 23:04:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.30 22:49:21 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 22:27:25 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.05.30 22:27:25 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.05.30 22:27:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.05.30 22:27:16 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.05.30 22:27:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.05.30 22:27:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.05.30 22:27:15 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.05.30 22:27:15 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.05.30 22:27:15 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.05.30 22:27:15 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.05.30 22:27:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.05.30 22:27:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.05.30 22:27:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.05.30 22:27:14 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.05.30 22:27:14 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.05.30 22:27:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.05.30 22:27:14 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.05.30 22:27:14 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.05.30 22:27:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.05.30 22:27:14 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.05.30 22:27:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.05.30 22:27:14 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.05.30 22:27:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.05.30 22:27:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.05.30 22:27:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.05.30 22:27:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.05.30 22:27:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.05.30 22:27:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.05.30 22:27:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.05.30 22:27:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.05.30 22:27:13 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.05.30 22:27:13 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.05.30 22:27:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.05.30 22:27:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
 
========== Files Created - No Company Name ==========
 
[2012.06.02 01:34:11 | 000,000,909 | ---- | C] () -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.02 01:34:08 | 000,000,904 | ---- | C] () -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.06.02 01:33:56 | 000,000,875 | ---- | C] () -- C:\Users\LeeLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.06.01 17:13:34 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.31 02:20:44 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.31 00:00:54 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 23:52:46 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.05.30 23:45:21 | 000,000,840 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.05.30 23:04:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.30 23:02:08 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.30 22:49:21 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 22:27:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.03 14:11:54 | 000,220,948 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
 
========== LOP Check ==========
 
[2012.06.02 14:51:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


und:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.06.2012 15:04:13 - Run 3
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\HOPSI\Saubermacher
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 47,67% Memory free
3,99 Gb Paging File | 2,59 Gb Available in Paging File | 64,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,74 Gb Total Space | 161,16 Gb Free Space | 72,03% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,75 Gb Free Space | 9,88% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTKIND-PC | User Name: LeeLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\HOPSI\Downloads\Diverses\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\HOPSI\Downloads\Diverses\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34DA11C1-BD18-43F8-A35A-D6B49681F819}" = rport=139 | protocol=6 | dir=out | app=system | 
"{566BFDC2-46AD-452C-AC85-B0EC6204702E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B954BF8-270F-441A-81B1-0501EEBC6604}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B049E7AC-AF9E-4734-A9C4-3744A0194E3C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B074E03E-D552-4ED0-8A70-1689B0CC4C8F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{B8F97EAC-98B1-4BDD-9EBC-534C781DBF15}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C5969AE3-B109-40C1-A074-B9E1C20CE68F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C5BD03AD-343C-443A-8A28-91C3EC49F40E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CA22E9AC-2C29-4C55-93C7-AC5505324EB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D4B2E3FA-1A01-4BBF-A32B-73DC39862F7D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E2413390-1B71-4FD0-8A64-B45156760F39}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0508E06E-9137-410F-8821-C4F048AFD936}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A4CD25B-AB04-485B-B840-B6E44EBD8D9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2AE147C5-75B1-4371-953C-8326CCE7DD82}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{4BD4061C-54B2-446F-B20E-60B7D075076A}" = dir=in | app=f:\setup\hpznui01.exe | 
"{62BF7E73-32F3-42DD-BA6C-0D54C2444184}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A7EA1774-BEA4-4E99-8393-316F4C11786E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D0645F4C-E97D-4884-86E6-7542BFC37E3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{0EFD96BD-BCC1-4038-8BA8-9392AD8A9799}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2C5AFD57-BA15-4182-BCC5-8B4A2C5475BD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C39CBA12-9D67-42AC-BEA7-28BAC98F8322}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{1ACD41DA-844A-4BA7-8F09-2FC1504CD08F}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{3D1C7612-4857-484E-ABD7-2A44F6C970B2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4A790FB5-A793-4A96-91E2-F77154A12902}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C03AE0-E898-5C22-AFD4-877466FFBD98}" = CCC Help English
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB18CF-3F76-43AC-0F02-B2DC201D27F4}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09B17771-7F41-193C-4B8B-93B07653707C}" = Catalyst Control Center Localization Czech
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15ADCB87-FB9D-BE4B-89EB-A5439DADACEB}" = CCC Help Japanese
"{160FB2C2-37D9-C291-9B79-B660241AD747}" = Catalyst Control Center Localization Dutch
"{19CA53A9-E256-6AF1-28FA-EE61A88886CA}" = Catalyst Control Center Localization Chinese Traditional
"{1A239B49-FDA5-8BCF-05E9-15C69A8591F7}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228FAF8F-3380-6579-E37D-8AE663A543EE}" = CCC Help Russian
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2692EC5B-A136-5340-C10C-4FA987FBA569}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{279F3807-2744-5B05-1CD5-612097502559}" = CCC Help Polish
"{27A94385-A7BD-17DA-3827-E54A3B203E7C}" = CCC Help Chinese Traditional
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2B5BC746-6594-F319-D806-BA97C1B3D8E9}" = Catalyst Control Center Localization Japanese
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2E2499C1-D876-D3A5-5329-23719AF4EEA5}" = CCC Help French
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3583F14B-42A8-C383-37B1-6186DD87BA46}" = Catalyst Control Center Localization Korean
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36262360-D6DF-EFAE-7AB2-5FE47F01BB8A}" = Catalyst Control Center Graphics Full Existing
"{36720FFD-D8DC-502D-5B59-97261633B847}" = Catalyst Control Center Graphics Full New
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3B1815F1-A388-CBA9-439E-8D97D0A9C6FB}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{4282CA13-4119-B9F9-A13D-F7E8C61978F9}" = CCC Help Turkish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541847E5-E8C5-075B-9F2B-2FF2A3C971C1}" = Catalyst Control Center Localization Hungarian
"{5B1E200F-327D-AA06-4990-8E1505DFC754}" = CCC Help Greek
"{5D7347E1-AE03-478B-3BE2-F1279693F745}" = ccc-utility
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E156316-7276-D0B6-D6CD-A356B897FAB3}" = CCC Help Hungarian
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6276CABC-7E19-4945-9A9C-3549D965E687}" = CCC Help Danish
"{6368D4AE-BFC1-4AAD-25AD-7EBA1CDEAFF0}" = CCC Help Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{67D3B081-1389-D544-6889-3E3BA2691171}" = CCC Help Korean
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6BA9955E-1F40-7E11-1488-228DAEFB0FD8}" = CCC Help Italian
"{6E8C9958-A445-06B7-9180-F1C546E90B6B}" = Catalyst Control Center Localization Chinese Standard
"{6EF125F8-F86B-C019-2A11-53D9C99AEE00}" = Catalyst Control Center Localization Danish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75918444-A9D8-86F4-3644-08917713894F}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3CDDCA-0913-D8CE-F4E1-E0F8D0200B87}" = CCC Help Norwegian
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{990BA001-D69F-9DB2-56CE-88E0399B30FB}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4AED81-8040-28D3-FCE3-E87DC2B948EC}" = Catalyst Control Center Localization German
"{A1A34147-C621-1D90-3C27-D90CF2E1ADFA}" = CCC Help Czech
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2F07A9-7EB5-4185-BAA9-A02F56F1396A}" = CCC Help Dutch
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B19B5C55-573E-14F3-0047-7029B5618529}" = Catalyst Control Center Graphics Light
"{B33E503B-8A82-E0EF-1ABE-06BF0489A6F9}" = CCC Help Swedish
"{B7A7937C-B0B5-1040-FC2E-EB05872EF72C}" = Catalyst Control Center Localization Turkish
"{B7F2B452-4461-88FF-EFD0-8E888D1A4C2D}" = CCC Help Spanish
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC281B89-4AF1-D881-ABB3-853444E7C1D5}" = Catalyst Control Center Localization Greek
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C41A421C-59F6-8393-014A-F655460AD5F5}" = CCC Help Finnish
"{C6271F2D-3D0A-439B-BD78-584E017C636E}" = Vista Default Settings
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02B9787-3152-A4A0-43E9-AF5E62715D4E}" = Catalyst Control Center Localization Polish
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DB11E77A-8184-C8D3-55DF-73F937EE2F3D}" = Catalyst Control Center Localization Norwegian
"{DB58F76A-5B4F-DD75-7AD5-EDA4500BC7AC}" = ATI Catalyst Install Manager
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DDDBC1AF-504A-3E17-4A74-E8C69D2C0D0E}" = Catalyst Control Center Localization Finnish
"{DEDBEB69-C5E7-4904-A885-9227C8D982B0}" = HP MULTIPLE WLAN INSTALLER for VISTA
"{DFE967A8-9C30-413C-B2D5-C0D576949553}" = ESU for Microsoft Vista
"{E03D8FE4-70BF-26F8-DA3B-974E3A561308}" = CCC Help Chinese Standard
"{E25074CB-A222-3A2D-0542-CC5BAD57ED76}" = Catalyst Control Center Localization Russian
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC04A654-128B-5439-0198-E1178E1E6E76}" = Catalyst Control Center Core Implementation
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF6CEC13-B014-8BD5-5E56-78E68494A167}" = Catalyst Control Center Localization Italian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F4144B54-EA3B-72F5-D464-211A1D7BAB95}" = Catalyst Control Center Localization Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAFC99FB-4361-7B69-AF2B-87A60406B60C}" = Catalyst Control Center Localization French
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Media Player_is1" = AVS Media Player 4.1.6.80
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 5.5.0
"GIMP-2_is1" = GIMP 2.8.0
"HP QuickLook_is1" = HP QuickLook
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF Complete" = PDF Complete Special Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.05.2012 19:31:55 | Computer Name = CHRISTKIND-PC | Source = MsiInstaller | ID = 11714
Description = 
 
Error - 30.05.2012 19:35:28 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
Error - 30.05.2012 20:04:09 | Computer Name = CHRISTKIND-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.05.2012 20:35:06 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
Error - 30.05.2012 22:24:00 | Computer Name = CHRISTKIND-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.05.2012 07:08:40 | Computer Name = CHRISTKIND-PC | Source = VSS | ID = 8194
Description = 
 
Error - 31.05.2012 11:16:03 | Computer Name = CHRISTKIND-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 12.3.0.15 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f50  Anfangszeit: 01cd3f3f728190ef  Zeitpunkt der Beendigung:
 1703
 
Error - 31.05.2012 11:29:36 | Computer Name = CHRISTKIND-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 02.06.2012 08:54:55 | Computer Name = CHRISTKIND-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung UI0Detect.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918db3, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x5c0, Anwendungsstartzeit
 01cd40bee8a784db.
 
Error - 02.06.2012 08:59:44 | Computer Name = CHRISTKIND-PC | Source = Application Hang | ID = 1002
Description = Programm osk.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1718  Anfangszeit: 01cd40bf4efca33d  Zeitpunkt der Beendigung:
 47
 
[ Credential Manager Events ]
Error - 11.10.2009 08:27:21 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 13.10.2009 10:26:16 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 18.10.2009 13:09:41 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 11.11.2009 17:30:50 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 16.11.2009 16:55:39 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 20.11.2009 08:32:11 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 25.11.2009 16:58:01 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 28.11.2009 15:20:28 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 05.12.2009 17:18:04 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 27.12.2009 07:48:51 | Computer Name = CHRISTKIND-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: HOPSI@CHRISTKIND-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 01.06.2012 20:48:55 | Computer Name = CHRISTKIND-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.06.2012 06:11:49 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.06.2012 06:11:49 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.06.2012 08:50:28 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.06.2012 08:53:51 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 02.06.2012 08:53:51 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.06.2012 08:53:51 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.06.2012 08:53:51 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 02.06.2012 08:55:00 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 02.06.2012 08:55:00 | Computer Name = CHRISTKIND-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---


Passt das so?
Geändert von LeeLeeSob (02.06.2012 um 14:00 Uhr)

Alt 02.06.2012, 19:12   #10
kira
/// Helfer-Team
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


Antivir konfigurieren-> Expertenmodus-> Guard-> Suche, Weitere Aktionen-> Haken weg bei Autostart blockieren...

1.
Windows Defender:
Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
Windows Defender komplett deaktivieren

Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder
Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe)

Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen.
Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen.
Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen.

Start => services.msc ins Suchfeld eingeben.
Es öffnet sich das Fenster der Dienste
Doppelklick auf den Dienst "Windows Defender"
Starttyp auf "Manuell" umstellen.
Dienststatus beenden, falls der Dienst noch gestartet ist.
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKCU\..\SearchScopes,DefaultScope = 
O4 - HKCU..\Run: []  File not found

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

sonst Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Alt 03.06.2012, 14:45   #11
LeeLeeSob
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


+)Avira - Autorun blockieren aufgehoben.

+)Defender - läuft nicht mehr, auf "manuell" konnte ich aber nicht umstellen, die Funktion war grau hinterlegt.

+) OTL:

Zitat:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\HOPSI\Saubermacher\cmd.bat deleted successfully.
C:\Users\HOPSI\Saubermacher\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HOPSI
->Temp folder emptied: 70556 bytes
->Temporary Internet Files folder emptied: 88677729 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 68983842 bytes
->Flash cache emptied: 767 bytes

User: LeeLee
->Temp folder emptied: 32504 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119573651 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 265,00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 06032012_152248

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Ich hab mal ein paar Sachen ausprobiert und nachgesehen:
+) Windows Mail merkt sich immer noch kein Passwort.
+) PDF-Dateien können nicht geöffnet werden.
+) Im IE konnten keine gespeicherten Favoriten mehr angeklickt werden, neu hinzugefügte funktionieren aber.

+) Avira läuft wieder reibungslos, ohne beim Suchlauf hängen zu bleiben.

+) Ob der Scanner immer noch Software vermisst, die eigentlich da ist, weiß ich grad nicht, weil wieder deinstalliert.



Zitat:
Zitat von kira Beitrag anzeigen
3.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Standard Suchmaschine des Explorers ändern
Ich hab jetzt nach dieser Anleitung versucht, die Standard-Suchmaschine zu ändern, weil ja alles was ich im Fenster anklicke irgendwie wertlos ist, auch das wird schlicht nicht gespeichert. Funktioniert aber nicht, ich bekomme nur eine Fehlermeldung.
Geändert von LeeLeeSob (03.06.2012 um 15:08 Uhr)

Alt 17.06.2012, 06:46   #12
kira
/// Helfer-Team
 
Malwarebytes - Fund - Standard

Malwarebytes - Fund


1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
  • Downloade die MBR.exe von Gmer und
    kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
    Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
  • Start => ausführen => cmd (da reinschreiben) => OK
    es öffnet sich eine Eingabeaufforderung.

    Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
  • Nach dem Prompt (>_) folgenden

    aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
    Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (Enter drücken)
  • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
    Bitte kopiere den Inhalt hier in Deinen Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Antwort

Themen zu Malwarebytes - Fund
administrator, anti-malware, autostart, avira, dateien, dateisystem, defender, explorer, folge, gelöscht, google, heuristiks/extra, heuristiks/shuriken, laptop, malwarebytes, nicht mehr, passwort, probleme, pup.funwebproducts, quarantäne, scan, service pack 2, software, softwareproblem, speicher, version, vista


« Bundepolizei Trojaner wie bei XP entfernen? OTL-log files vorhanden. Kasp.RescueCD10 klappt nicht | Maleware "Deutschlandflagge" »


Ähnliche Themen: Malwarebytes - Fund


  1. Malwarebytes fund
    Log-Analyse und Auswertung - 02.11.2015 (21)
  2. Fund Malwarebytes
    Log-Analyse und Auswertung - 11.09.2015 (11)
  3. Malwarebytes-Scan mit Fund
    Log-Analyse und Auswertung - 17.06.2015 (28)
  4. Fund bei Malwarebytes: OpenCandy und Spigot
    Plagegeister aller Art und deren Bekämpfung - 05.03.2015 (28)
  5. Trojan Agent - Fund von Malwarebytes
    Log-Analyse und Auswertung - 22.12.2014 (16)
  6. Malwarebytes-Scan mit Fund
    Log-Analyse und Auswertung - 12.09.2014 (19)
  7. Windows 8 - Malwarebytes-Fund PUP.Optional,
    Log-Analyse und Auswertung - 27.07.2014 (8)
  8. Windows7: 30min. Bootvorgang + Fund Malwarebytes
    Log-Analyse und Auswertung - 21.07.2014 (13)
  9. Windows 8: Malwarebytes Fund PUP.Optional
    Log-Analyse und Auswertung - 02.07.2014 (9)
  10. Windows 7: Malwarebytes Fund von PUP.optional
    Log-Analyse und Auswertung - 14.06.2014 (8)
  11. Malwarebytes meldet Fund - syshost.exe
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (16)
  12. Malwarebytes Fund - PUP.OfferBundler.ST
    Log-Analyse und Auswertung - 02.06.2012 (1)
  13. Fund bei Malwarebytes - Security Hijack -
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (21)
  14. Broken.OpenCommand Malwarebytes fund
    Log-Analyse und Auswertung - 08.02.2012 (8)
  15. Malwarebytes und OTL melden keinen Fund
    Plagegeister aller Art und deren Bekämpfung - 26.11.2010 (12)
  16. 1. AntiVIR - 1 Fund TR/Spy.Gen 2. Malwarebytes - 51 Funde
    Plagegeister aller Art und deren Bekämpfung - 01.04.2010 (1)
  17. Malwarebytes Fund
    Log-Analyse und Auswertung - 24.12.2009 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Malwarebytes - Fund - Nachdem Avira mehrmals aufgehängt und der Defender sich ständig ausgeschaltet hat, hab ich Malwarebytes laufen lassen und folgendes kam dabei raus: Zitat: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.28.04 Windows - Malwarebytes - Fund...
Archiv
Du betrachtest: Malwarebytes - Fund auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55