
Log Analysis and Evaluation: MyStart Incredibar in Firefox, IE and Chrome


29.07.2012, 11:27   #1
hoochiecoo
 
MyStart Incredibar in Firefox, IE and Chrome



Hi!

While updating to the new version of the VLC player, I carefully unchecked the boxes for "Do you want to install the useless Incredibar?", yet after the next click the browser window of my FF changed, and since then I can't get rid of the thing.
I uninstalled the program in the Control Panel and uninstalled the FF add-on, but every new tab in FF, IE and Chrome still opens to "MyStart Incredibar.com".

I had superantispyware.exe scan and clean, and after that I had adwcleaner.exe scan and clean, but everything remains unchanged.

I would be grateful for any help.

Here is the OTL.txt (Extras.txt as a .zip in the attachment)

OTL logfile created on: 29.07.2012 11:33:26 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,55% Memory free
6,22 Gb Paging File | 4,87 Gb Available in Paging File | 78,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 12,31 Gb Free Space | 2,76% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,44 Gb Free Space | 42,23% Space Free | Partition Type: FAT32

Computer Name: +++ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.29 11:27:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.06.11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.06.11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.04.01 16:31:53 | 002,423,296 | ---- | M] () -- C:\Program Files\hamster\Hamster.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2010.08.26 16:53:46 | 000,687,104 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
PRC - [2010.08.26 16:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
PRC - [2009.05.05 15:16:00 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.18 14:56:32 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008.11.07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008.11.07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.07.21 17:32:08 | 000,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2008.07.10 10:52:58 | 000,040,960 | ---- | M] (sonix) -- C:\Windows\PLF2050.exe
PRC - [2008.05.21 10:36:08 | 000,103,992 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.02 15:27:18 | 000,684,032 | ---- | M] (Sonix) -- C:\Windows\vspc2050.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 17:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.07 01:26:10 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
PRC - [2007.06.27 10:18:40 | 000,215,256 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007.06.27 10:18:20 | 000,293,080 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012.06.26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012.06.26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012.06.26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012.06.26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012.06.26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012.06.13 14:03:49 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.13 14:02:08 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.13 13:42:13 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:42:00 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.13 13:41:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.13 13:39:10 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.11 18:24:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.06.11 12:45:06 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.05.09 01:40:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 01:39:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.09 01:32:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.09 01:31:00 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.09 01:30:38 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012.05.09 01:28:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.09 01:28:52 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.09 01:28:13 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2012.04.01 16:31:53 | 002,423,296 | ---- | M] () -- C:\Program Files\hamster\Hamster.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.26 16:53:50 | 000,357,888 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\Resources.dll
MOD - [2010.08.26 16:53:34 | 000,898,048 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPPlugins.dll
MOD - [2010.08.26 16:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
MOD - [2010.08.26 16:52:02 | 000,470,016 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACP_Lib.dll
MOD - [2010.08.26 16:51:32 | 000,166,912 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPSharedTypes.dll
MOD - [2010.08.26 16:51:22 | 000,315,904 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\Common.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.10.19 17:42:34 | 000,339,968 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 17:42:20 | 000,245,858 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 17:42:20 | 000,114,780 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 17:42:20 | 000,032,768 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.19 16:20:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.26 16:53:46 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe -- (ACPService)
SRV - [2009.06.13 19:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.11.07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.05.21 10:36:08 | 000,103,992 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [File_System | Boot | Running] -- -- (MFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.07 12:33:59 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.05.10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010.03.26 01:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.09.24 09:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.04.14 12:03:05 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.03.18 14:56:06 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/23 11:50:55] [Kernel | Auto | Running] -- C:\Program Files\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009.01.20 12:16:54 | 003,002,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc2050.sys -- (SPC2050)
DRV - [2008.09.26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.09.26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.05.21 10:36:16 | 000,204,856 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2008.05.21 10:36:06 | 000,040,504 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2008.05.21 10:35:52 | 000,115,768 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2008.05.21 10:35:48 | 000,245,816 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2008.05.07 11:40:04 | 000,088,704 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007.12.08 11:35:56 | 000,124,416 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Hanna\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
DRV - [2007.12.08 11:35:56 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.10.11 12:21:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.05.07 03:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2007.05.07 03:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2007.05.03 11:19:16 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007.01.17 14:30:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder2.sys -- (Spyder2)
DRV - [2007.01.12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Medion\BIOS\winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {2E819C12-E6DD-4389-95A2-6B615AC502D9}
IE - HKCU\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = hxxp://www.exalead.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{C3377DAF-0754-4C19-9715-B4069C6FA7BA}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = hxxp://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKCU\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.23 01:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 21:09:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 19:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.06.19 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.07.14 12:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 01:51:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 21:09:48 | 000,000,000 | ---D | M]

[2012.03.19 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.19 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.11.08 19:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.07.28 03:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions
[2012.07.28 03:11:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.28 03:11:05 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2012.07.28 03:11:05 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.07.28 03:11:05 | 000,000,000 | ---D | M] (Operator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
[2012.07.28 03:11:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.28 03:11:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.28 03:11:07 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.07.28 03:11:08 | 000,000,000 | ---D | M] (surfclarity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{DFBEBDA6-4BFF-46E3-A968-5CCAE63E747A}
[2012.07.28 03:11:08 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.07.28 03:11:11 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2012.07.28 03:11:11 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2012.07.28 03:11:02 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\betteryoutube@ginatrapani.org
[2012.07.28 03:24:37 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\perspectives@cmu.edu
[2012.07.28 03:11:04 | 000,000,000 | ---D | M] ("SSL Blacklist") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\extensions\sslblacklist@codefromthe70s.org
[2012.07.28 19:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions
[2008.03.14 12:21:44 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2008.06.19 00:08:37 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2012.07.28 02:31:33 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2007.12.02 03:46:28 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2012.07.28 02:31:34 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.10.03 19:18:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.28 02:31:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.28 02:30:19 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2008.11.22 00:45:11 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nsoopf0p.default\extensions\betteryoutube@ginatrapani.org
[2012.07.19 16:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions
[2010.04.27 10:27:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.12 18:44:08 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011.05.15 10:31:07 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.08.09 18:25:05 | 000,000,000 | ---D | M] (Operator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
[2010.10.03 19:18:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.02 13:47:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.11 17:45:15 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.01.10 04:08:09 | 000,000,000 | ---D | M] (surfclarity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{DFBEBDA6-4BFF-46E3-A968-5CCAE63E747A}
[2012.06.02 13:47:16 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010.01.27 13:46:54 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2012.01.05 08:17:26 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2009.02.12 18:44:06 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\betteryoutube@ginatrapani.org
[2012.06.27 18:50:14 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\perspectives@cmu.edu
[2010.02.01 01:29:09 | 000,000,000 | ---D | M] ("SSL Blacklist") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\sslblacklist@codefromthe70s.org
[2012.03.18 20:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 16:20:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.02.05 00:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.03.18 20:11:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 20:11:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.18 20:11:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 20:11:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 20:11:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 20:11:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gears.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011.06.11 14:22:41 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLF2050] C:\Windows\PLF2050.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc2050] C:\Windows\vspc2050.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\***\AppData\Local\Apps\2.0\NV4B77TJ.RLV\ZA3RV21M.ADH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2008.12.06 03:36:40 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Program Files\FRITZ!\FriFax32.exe (AVM Berlin)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamster.lnk = C:\Program Files\hamster\Hamster.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk = C:\Program Files\FRITZ!\IWatch.exe (AVM Berlin)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickIdent 19.lnk = C:\Program Files\klickIdent Herbst 2007\klickIdentPP.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2007 - Schnellstarter.lnk = C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2007\KSTART32.EXE (klickTel AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: apemap.com ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: myname.de ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: elsteronline.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fernuni-hagen.de ([ca] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D6CE8-3EB7-4D59-9B24-20AA50C5C322}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74B45BF2-3149-4401-821E-193CB8EF9E3D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.29 11:27:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.29 11:02:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.07.28 18:18:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.28 03:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.07.28 02:58:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\yy2si1gp.Test
[2012.07.27 11:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.07.23 01:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2012.07.14 12:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012.07.14 12:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012.07.14 12:03:15 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.07.14 12:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.07.14 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.07.08 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.08 10:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.08 10:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.03 18:24:46 | 000,030,256 | ---- | C] (Macromedia, Inc.) -- C:\Windows\macromix.dll
[2012.07.03 18:24:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Findus
[2012.07.03 18:24:38 | 000,000,000 | ---D | C] -- C:\FINDUS
[2012.07.03 18:23:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terzio - Oetinger
[2010.07.02 08:23:49 | 000,322,352 | ---- | C] (BitTorrent, Inc.) -- C:\Users\***\AppData\Local\uTorrent.exe
[2009.07.25 15:21:38 | 003,786,240 | ---- | C] (www.BabelStone.co.uk/Software/BabelMap.html) -- C:\Program Files\BabelMap.exe
[2009.02.16 14:03:05 | 000,520,192 | ---- | C] (Andrew Zhezherun) -- C:\Program Files\WinDjView-0.5.exe
[2008.07.28 21:58:00 | 000,953,344 | ---- | C] (Squared 5) -- C:\Program Files\MPEG_Streamclip.exe
[2008.07.28 14:22:38 | 000,237,568 | ---- | C] (Derrow/Decision Development) -- C:\Program Files\VobEdit.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.29 11:42:11 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3D2BDFD-4BCC-4E26-A292-781810C0B8D0}.job
[2012.07.29 11:40:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FFE2620-F3A6-4A3D-8DE1-28BB43424C7F}.job
[2012.07.29 11:27:43 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.29 11:27:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.29 11:24:56 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.29 11:23:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.29 11:21:00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.07.29 11:02:30 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.29 10:53:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 10:53:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 10:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 10:53:47 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 03:10:59 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20120729_031051.reg
[2012.07.29 01:00:00 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.07.29 00:56:53 | 000,254,616 | ---- | M] () -- C:\Users\***\Documents\cc_20120729_005608.reg
[2012.07.28 18:21:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.07.28 18:06:46 | 000,015,532 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.07.28 03:22:35 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.07.28 02:48:10 | 000,032,768 | ---- | M] () -- C:\Users\***\places.sqlite-shm
[2012.07.28 02:45:56 | 000,531,512 | ---- | M] () -- C:\Users\***\places.sqlite-wal-default
[2012.07.28 02:45:06 | 000,391,432 | ---- | M] () -- C:\Users\***\places.sqlite-wal
[2012.07.28 01:58:03 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.07.27 11:50:04 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.27 11:50:03 | 000,037,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 11:12:22 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.07.27 10:52:39 | 000,681,218 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.27 10:52:39 | 000,640,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.27 10:52:39 | 000,148,594 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.27 10:52:39 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 10:00:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.07.12 15:27:18 | 000,395,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 18:24:46 | 000,030,256 | ---- | M] (Macromedia, Inc.) -- C:\Windows\macromix.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.29 11:27:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.29 11:24:53 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.29 10:53:35 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.29 03:10:55 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20120729_031051.reg
[2012.07.29 00:56:15 | 000,254,616 | ---- | C] () -- C:\Users\***\Documents\cc_20120729_005608.reg
[2012.07.28 18:16:24 | 000,001,164 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.07.28 18:16:23 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.07.28 03:22:34 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.07.28 02:48:08 | 000,032,768 | ---- | C] () -- C:\Users\***\places.sqlite-shm
[2012.07.28 02:45:55 | 000,531,512 | ---- | C] () -- C:\Users\***\places.sqlite-wal-default
[2012.07.28 02:45:04 | 000,391,432 | ---- | C] () -- C:\Users\***\places.sqlite-wal
[2012.06.29 01:51:14 | 011,632,640 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.mdb
[2012.06.29 01:51:14 | 000,000,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.29 16:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 21:28:52 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.09.13 18:30:37 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.13 18:30:37 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.13 18:30:37 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.13 18:30:37 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.13 18:30:37 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.13 18:30:37 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.09.13 18:30:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.13 18:30:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.13 18:30:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.13 18:30:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.13 18:30:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.13 18:30:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.13 18:30:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.13 18:30:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.09.13 18:30:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.13 18:30:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.13 18:30:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.13 18:30:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.13 18:30:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.17 15:58:59 | 000,001,518 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 12:22:10 | 000,015,532 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.11.10 19:40:16 | 000,000,483 | ---- | C] () -- C:\ProgramData\CamSuite.ini
[2010.09.18 17:44:11 | 003,002,240 | ---- | C] () -- C:\Windows\System32\drivers\spc2050.sys
[2010.09.18 17:44:11 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2010.09.18 17:44:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc2050.dll
[2010.09.18 17:44:11 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc2050c.sys
[2010.09.18 17:44:11 | 000,015,497 | ---- | C] () -- C:\Windows\spc2050.ini
[2010.08.16 21:09:29 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.08.16 21:07:02 | 000,078,213 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010.07.30 19:53:15 | 000,202,467 | ---- | C] () -- C:\Windows\hpwins24.dat
[2010.06.15 10:28:00 | 051,206,459 | ---- | C] () -- C:\Users\***\gutschein.pspimage
[2010.02.26 09:45:14 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009.02.04 16:32:33 | 002,658,495 | ---- | C] () -- C:\Users\***\moltovitale-tour-2008-10-09-134.jpg
[2008.12.14 15:08:54 | 001,527,924 | -H-- | C] () -- C:\Users\***\ZbThumbnail.info
[2008.07.31 11:01:34 | 000,025,197 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.07.29 13:37:27 | 000,000,580 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2008.07.28 21:58:01 | 000,078,825 | ---- | C] () -- C:\Program Files\MPEG Streamclip Guide.rtf
[2008.07.23 09:07:52 | 007,100,928 | ---- | C] () -- C:\Program Files\PocketDivXEncoder_0.3.96.exe
[2008.03.14 12:35:49 | 000,384,199 | ---- | C] () -- C:\Users\***\jap.conf
[2007.12.26 22:21:15 | 000,000,198 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls
[2007.12.25 22:07:06 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd
[2007.12.10 10:20:12 | 000,037,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.09 14:56:52 | 000,000,326 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2007.12.01 18:57:16 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.01 17:17:12 | 000,000,104 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2009.09.30 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.06.10 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2008.07.23 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.04.15 17:10:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.06.24 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2007.12.10 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CDZilla
[2012.01.20 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2007.12.23 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2008.12.25 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\directx9
[2012.07.29 11:04:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.06 03:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.03 19:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.10 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2008.01.18 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2008.06.11 13:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLV Extract
[2012.07.27 11:07:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2007.12.05 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.04.14 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2008.08.14 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011.08.17 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.01.05 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2008.01.13 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2008.04.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.06.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.08 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2007.12.02 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc
[2009.10.27 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2010.01.22 00:51:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2008.01.10 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickIdent
[2008.01.11 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2008.04.14 21:45:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.09.04 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leawo
[2007.12.02 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2009.06.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mathegrafix
[2010.01.22 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master
[2012.02.06 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moyea
[2012.07.27 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2008.07.28 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2011.02.27 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2012.01.08 03:35:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.01.11 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2007.12.31 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2008.08.12 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PGP Corporation
[2011.07.26 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software.com
[2008.01.07 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2007.12.03 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2007.12.09 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.03.19 20:28:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2008.07.24 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.04.28 12:22:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.07.26 10:00:00 | 000,001,160 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.07.29 01:00:00 | 000,001,182 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.07.29 10:31:00 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.29 11:40:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8FFE2620-F3A6-4A3D-8DE1-28BB43424C7F}.job
[2012.07.29 11:42:11 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3D2BDFD-4BCC-4E26-A292-781810C0B8D0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 732 bytes -> C:\Users\***\Documents\sperrtermine.eml:OECustomProperty

< End of report >

Alt 30.07.2012, 13:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
When updating to the new version of VLC player, I carefully unchecked the boxes at "Do you want to install the useless Incredibar?", yet after the next click the browser window of my FF changed, and I haven't been able to get rid of the thing since.
That's what you get when you obtain software not from the original source but from crap like Softonic!

Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! You download software with top priority directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do


Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those too!




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 31.07.2012, 12:26   #3
hoochiecoo
 

Thank you very much for your help!

Unfortunately I have a problem with the programs: Malwarebytes hangs after varying lengths of time, together with the operating system; the only thing that helps then is the power switch (I kept trying all night).
At least two files were found and put in quarantine:
C:\Windows\System32\ALZALZ.BIN
and
C:\Windows\System32\ALZZip.BIN

Should I have Malwarebytes remove these files?

I can't find a log file of the scan; there are only
protection-log-2012-07-31.txt
and
protection-log-2012-07-30.txt
and those apparently contain mainly my user name and the computer name, repeated many times.

Finally, ESET apparently offers no way to exclude folders from the scan. At the moment I have the impression that the scan will take several days and nights until ESET has worked its way through the photos of the last 10 years, which are still unsorted despite good intentions. Knowing my PC, it won't survive that to the end without crashing.

Do you have a tip for me?

Thanks and best regards!

Alt 31.07.2012, 14:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Leave the files in quarantine! You don't always have to hastily remove everything from quarantine; why do you think it's called quarantine
Please try the scans again in safe mode with networking; maybe they'll run all the way through there

This is how you get into that mode:


Safe mode for cleaning
  • Bring Windows into safe mode by pressing the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode
__________________
Please always post log files in CODE tags

Alt 31.07.2012, 16:46   #5
hoochiecoo
 

ESET went faster than I had feared after all:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a8b320d5d9afbf4080fd85e9bc0e4002
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 03:21:08
# local_time=2012-07-31 05:21:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6634093 6634093 0 0
# compatibility_mode=5892 16776573 100 100 115644 181264395 0 0
# compatibility_mode=8192 67108863 100 0 244 244 0 0
# scanned=501112
# found=10
# cleaned=0
# scan_time=16400
C:\Program Files\PSPad Toolbar\UninstallToolbar.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\Local\Temp\jar_cache2919297978015288110.tmp	probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ff82f6-4ef5e53c	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7ddd93f-16023822	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-2f8058a7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\41816953-1050b0a3	Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\170f55e-29623fa2	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\52d04023-5f29c355	a variant of Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7701566-1e5f2e2a	a variant of Java/Exploit.Agent.NCD trojan (unable to clean)	00000000000000000000000000000000	I
         
I'll try Malwarebytes in safe mode next.

Thanks for your advice!
In safe mode Malwarebytes ran through without problems. Now the two files C:\Windows\System32\ALZALZ.BIN and C:\Windows\System32\ALZZip.BIN have also been successfully removed from the system32 folder.

Here is the log file:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.10

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19272
*** :: +++ [Administrator]

Schutz: Deaktiviert

31.07.2012 18:05:20
mbam-log-2012-07-31 (18-05-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 922199
Laufzeit: 1 Stunde(n), 55 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\System32\ALZALZ.BIN (Spyware.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\ALZZip.BIN (Spyware.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         


Alt 31.07.2012, 20:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Alt 31.07.2012, 21:08   #7
hoochiecoo
 

Hi Arne!

Here is the log file. I also ran AdwCleaner in safe mode - I hope that was right?

Code:
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 21:52:52
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - +++
# Running from : C:\Users\***\Desktop\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19272

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nsoopf0p.default\prefs.js

[OK] File is clean.

Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6R8AjsBoor&loc=FF_NT");

Profile name : default 
File : C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\klvoa31d.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1310 octets] - [31/07/2012 21:52:52]

########## EOF - C:\AdwCleaner[R2].txt - [1438 octets] ##########
         
Best regards
Harald

In the meantime I tried removing the entry with AdwCleaner. After the Windows restart it also reported successful removal and I was about to be happy - but the next time I started Firefox the problem was back as before (see the two log files below).

IE and Chrome seem to be clean, though; they work normally again now.

Code:
# AdwCleaner v1.703 - Logfile created 08/01/2012 at 15:05:30
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - +++
# Running from : C:\Users\***\Desktop\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19272

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nsoopf0p.default\prefs.js

[OK] File is clean.

Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\prefs.js

[OK] File is clean.

Profile name : default 
File : C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\klvoa31d.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1439 octets] - [31/07/2012 21:52:52]
AdwCleaner[R3].txt - [1499 octets] - [01/08/2012 12:19:13]
AdwCleaner[S2].txt - [1561 octets] - [01/08/2012 12:19:59]
AdwCleaner[R4].txt - [1619 octets] - [01/08/2012 14:41:56]
AdwCleaner[R5].txt - [1679 octets] - [01/08/2012 14:55:50]
AdwCleaner[S3].txt - [1741 octets] - [01/08/2012 14:56:14]
AdwCleaner[R6].txt - [1587 octets] - [01/08/2012 15:05:30]

########## EOF - C:\AdwCleaner[R6].txt - [1715 octets] ##########
         
Code:
# AdwCleaner v1.703 - Logfile created 08/01/2012 at 15:07:23
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : *** - +++
# Running from : C:\Users\***\Desktop\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19272

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nsoopf0p.default\prefs.js

[OK] File is clean.

Profile name : Standard-Benutzer [Profil par défaut]
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0sm4g0h5.Standard-Benutzer\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6R8AjsBoor&loc=FF_NT");

Profile name : default 
File : C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\klvoa31d.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [1439 octets] - [31/07/2012 21:52:52]
AdwCleaner[R3].txt - [1499 octets] - [01/08/2012 12:19:13]
AdwCleaner[S2].txt - [1561 octets] - [01/08/2012 12:19:59]
AdwCleaner[R4].txt - [1619 octets] - [01/08/2012 14:41:56]
AdwCleaner[R5].txt - [1679 octets] - [01/08/2012 14:55:50]
AdwCleaner[S3].txt - [1741 octets] - [01/08/2012 14:56:14]
AdwCleaner[R6].txt - [1716 octets] - [01/08/2012 15:05:30]
AdwCleaner[R7].txt - [1730 octets] - [01/08/2012 15:07:23]

########## EOF - C:\AdwCleaner[R7].txt - [1858 octets] ##########
         
Through ESET (see the current log file below) I found this file:

C:\Program Files\PSPad Toolbar\UninstallToolbar.exe
Unfortunately the PSPad Toolbar cannot be uninstalled, neither via Programs/Features nor with CCleaner

In addition, there are the following files, which were all installed at the same time as my problem began:

C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\***\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\***\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\***\AppData\Local\Temp\incredibar_installer.exe
C:\Users\***\AppData\Local\Temp\did.xml
C:\Users\***\AppData\Local\Temp\ppd.xml
C:\Users\***\AppData\Local\Temp\upn2.xml

What is the best way to get rid of them?

And what is this newly appeared
Zylom-Installer_PflanzengegenZombies_DE.exe Win32/OpenCandy application ?
Dangerous? Or a false alarm?

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a8b320d5d9afbf4080fd85e9bc0e4002
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 03:21:08
# local_time=2012-07-31 05:21:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6634093 6634093 0 0
# compatibility_mode=5892 16776573 100 100 115644 181264395 0 0
# compatibility_mode=8192 67108863 100 0 244 244 0 0
# scanned=501112
# found=10
# cleaned=0
# scan_time=16400
C:\Program Files\PSPad Toolbar\UninstallToolbar.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\Local\Temp\jar_cache2919297978015288110.tmp	probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ff82f6-4ef5e53c	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7ddd93f-16023822	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-2f8058a7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\41816953-1050b0a3	Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\170f55e-29623fa2	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\52d04023-5f29c355	a variant of Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7701566-1e5f2e2a	a variant of Java/Exploit.Agent.NCD trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a8b320d5d9afbf4080fd85e9bc0e4002
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-01 04:58:45
# local_time=2012-08-01 06:58:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 6729593 6729593 0 0
# compatibility_mode=5892 16776573 100 100 11512 181359895 0 0
# compatibility_mode=8192 67108863 100 0 95744 95744 0 0
# scanned=415756
# found=12
# cleaned=0
# scan_time=13158
C:\Program Files\PSPad Toolbar\UninstallToolbar.exe	Win32/Somoto application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\Local\Temp\jar_cache2919297978015288110.tmp	probably a variant of Java/Exploit.CVE-2010-0840.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ff82f6-4ef5e53c	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7ddd93f-16023822	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\Downloads\Zylom-Installer_PflanzengegenZombies_DE(1).exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hanna\Downloads\Zylom-Installer_PflanzengegenZombies_DE.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\51063600-2f8058a7	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\41816953-1050b0a3	Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\170f55e-29623fa2	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\52d04023-5f29c355	a variant of Java/Agent.DU trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7701566-1e5f2e2a	a variant of Java/Exploit.Agent.NCD trojan (unable to clean)	00000000000000000000000000000000	I
         

01.08.2012, 19:36   #8
cosinus

I have two questions before we continue:

1.) Does Windows' normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post logfiles in CODE tags

01.08.2012, 19:51   #9
hoochiecoo

1. Yes, apart from the new tabs in Firefox, which are still opened via Incredibar.

2. I'm not missing anything. There are 2 empty folders ("Jack B nymble v2" and "OE-Quote Fix"), but they may well have been empty for years; I haven't looked in there for ages.

02.08.2012, 14:32   #10
cosinus

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older file with the newly downloaded one, so that you really are working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick the box Scan All Users at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

04.08.2012, 00:14   #11
hoochiecoo

My computer is now symptom-free. After I reset the Firefox profile, new tabs open without Incredibar again.

C:\Program Files\PSPad Toolbar\UninstallToolbar.exe
could not be uninstalled, so I deleted it with CCleaner and then had the registry repaired.

C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\***\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\***\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\***\AppData\Local\Temp\incredibar_installer.exe
C:\Users\***\AppData\Local\Temp\did.xml
C:\Users\***\AppData\Local\Temp\ppd.xml
C:\Users\***\AppData\Local\Temp\upn2.xml

I deleted these with CCleaner as well.

Here is the current logfile:

OTL Logfile:
Code:
OTL logfile created on: 03.08.2012 18:04:38 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,25% Memory free
6,21 Gb Paging File | 4,69 Gb Available in Paging File | 75,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 8,06 Gb Free Space | 1,81% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,44 Gb Free Space | 42,23% Space Free | Partition Type: FAT32
 
Computer Name: +++ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.03 17:58:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.06.11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.06.11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.12 15:47:06 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.08.26 16:53:46 | 000,687,104 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
PRC - [2010.08.26 16:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
PRC - [2009.05.05 15:16:00 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.18 14:56:32 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008.11.07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008.11.07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.07.21 17:32:08 | 000,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2008.07.10 10:52:58 | 000,040,960 | ---- | M] (sonix) -- C:\Windows\PLF2050.exe
PRC - [2008.05.21 10:36:08 | 000,103,992 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.02 15:27:18 | 000,684,032 | ---- | M] (Sonix) -- C:\Windows\vspc2050.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 17:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.07 01:26:10 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
PRC - [2007.06.27 10:18:40 | 000,215,256 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007.06.27 10:18:20 | 000,293,080 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012.06.26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012.06.26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012.06.26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012.06.26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012.06.26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012.06.13 14:03:49 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.13 14:02:08 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.13 13:42:13 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:42:00 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.13 13:41:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.13 13:39:10 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.11 18:24:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.06.11 12:45:06 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.05.09 01:40:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 01:39:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.09 01:32:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.09 01:31:00 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.09 01:30:38 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012.05.09 01:28:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.09 01:28:52 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.09 01:28:13 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.26 16:53:50 | 000,357,888 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\Resources.dll
MOD - [2010.08.26 16:53:34 | 000,898,048 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPPlugins.dll
MOD - [2010.08.26 16:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
MOD - [2010.08.26 16:52:02 | 000,470,016 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACP_Lib.dll
MOD - [2010.08.26 16:51:32 | 000,166,912 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPSharedTypes.dll
MOD - [2010.08.26 16:51:22 | 000,315,904 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\Common.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007.10.19 17:42:34 | 000,339,968 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 17:42:20 | 000,245,858 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 17:42:20 | 000,114,780 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 17:42:20 | 000,032,768 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 16:20:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.26 16:53:46 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe -- (ACPService)
SRV - [2009.06.13 19:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.11.07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.05.21 10:36:08 | 000,103,992 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [File_System | Boot | Running] --  -- (MFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.07 12:33:59 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.05.10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010.03.26 01:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.09.24 09:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.04.14 12:03:05 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.03.18 14:56:06 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/23 11:50:55] [Kernel | Auto | Running] -- C:\Program Files\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009.01.20 12:16:54 | 003,002,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc2050.sys -- (SPC2050)
DRV - [2008.09.26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.09.26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.05.21 10:36:16 | 000,204,856 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2008.05.21 10:36:06 | 000,040,504 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2008.05.21 10:35:52 | 000,115,768 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2008.05.21 10:35:48 | 000,245,816 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2008.05.07 11:40:04 | 000,088,704 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007.12.08 11:35:56 | 000,124,416 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Hanna\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
DRV - [2007.12.08 11:35:56 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.10.11 12:21:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.05.07 03:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2007.05.07 03:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2007.05.03 11:19:16 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007.01.17 14:30:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder2.sys -- (Spyder2)
DRV - [2007.01.12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Medion\BIOS\winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/pspad/{13A996AC-CE4E-4195-BF10-BE50CF0E8B77}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = hxxp://www.exalead.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{3863119E-4268-4618-8BF4-42036694B287}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/pspad/{13A996AC-CE4E-4195-BF10-BE50CF0E8B77}?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{C3377DAF-0754-4C19-9715-B4069C6FA7BA}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = hxxp://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes,DefaultScope = {2E819C12-E6DD-4389-95A2-6B615AC502D9}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = hxxp://www.exalead.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{C3377DAF-0754-4C19-9715-B4069C6FA7BA}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = hxxp://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.23 01:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 21:09:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 19:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.06.19 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.07.14 12:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 01:51:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 21:09:48 | 000,000,000 | ---D | M]
 
[2012.03.19 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.19 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.11.08 19:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.08.02 08:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions
[2012.08.02 08:05:10 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.08.02 08:01:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.02 08:10:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.08.02 08:15:38 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2012.08.02 08:11:06 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\perspectives@cmu.edu
[2012.07.19 16:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions
[2010.04.27 10:27:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.12 18:44:08 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011.05.15 10:31:07 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.08.09 18:25:05 | 000,000,000 | ---D | M] (Operator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
[2010.10.03 19:18:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.02 13:47:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.11 17:45:15 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.01.10 04:08:09 | 000,000,000 | ---D | M] (surfclarity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{DFBEBDA6-4BFF-46E3-A968-5CCAE63E747A}
[2012.06.02 13:47:16 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010.01.27 13:46:54 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2012.01.05 08:17:26 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2009.02.12 18:44:06 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\betteryoutube@ginatrapani.org
[2012.06.27 18:50:14 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\perspectives@cmu.edu
[2010.02.01 01:29:09 | 000,000,000 | ---D | M] ("SSL Blacklist") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\sslblacklist@codefromthe70s.org
[2012.03.18 20:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 16:20:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.02.05 00:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.03.18 20:11:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 20:11:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.18 20:11:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 20:11:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 20:11:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 20:11:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gears.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.06.11 14:22:41 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLF2050] C:\Windows\PLF2050.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc2050] C:\Windows\vspc2050.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-18..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [AVMUSBFernanschluss] C:\Users\IUSR_NMPR\AppData\Local\Apps\2.0\NV4B77TJ.RLV\ZA3RV21M.ADH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\AVMAutoStart.exe File not found
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide File not found
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe File not found
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [AVMUSBFernanschluss] C:\Users\***\AppData\Local\Apps\2.0\NV4B77TJ.RLV\ZA3RV21M.ADH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2008.12.06 03:36:40 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Program Files\FRITZ!\FriFax32.exe (AVM Berlin)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamster.lnk = C:\Program Files\hamster\Hamster.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk = C:\Program Files\FRITZ!\IWatch.exe (AVM Berlin)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickIdent 19.lnk = C:\Program Files\klickIdent Herbst 2007\klickIdentPP.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2007 - Schnellstarter.lnk = C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2007\KSTART32.EXE (klickTel AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: apemap.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: meine-domain.de ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: fernuni-hagen.de ([ca] https in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: apemap.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: meine-domain.de ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: elsteronline.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: fernuni-hagen.de ([ca] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: microsoft.com ([www.update] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D6CE8-3EB7-4D59-9B24-20AA50C5C322}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74B45BF2-3149-4401-821E-193CB8EF9E3D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: GameShadow - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig - StartUpReg: MMAgent - hkey= - key= - C:\Program Files\Mobile Master\MMAgent.exe (Jumping Bytes)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.WMV3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 17:58:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.03 17:28:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.08.01 21:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.08.01 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2012.08.01 21:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.31 12:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.30 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.30 16:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.30 16:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.30 16:10:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.30 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 03:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.30 03:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.30 03:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.30 03:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.28 18:18:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.28 03:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.07.27 11:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.07.23 01:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2012.07.14 12:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012.07.14 12:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012.07.14 12:03:15 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.07.14 12:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.07.14 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.07.08 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.08 10:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.08 10:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010.07.02 08:23:49 | 001,022,352 | ---- | C] (BitTorrent, Inc.) -- C:\Users\***\AppData\Local\uTorrent.exe
[2009.07.25 15:21:38 | 003,786,240 | ---- | C] (www.BabelStone.co.uk/Software/BabelMap.html) -- C:\Program Files\BabelMap.exe
[2009.02.16 14:03:05 | 000,520,192 | ---- | C] (Andrew Zhezherun) -- C:\Program Files\WinDjView-0.5.exe
[2008.07.28 21:58:00 | 000,953,344 | ---- | C] (Squared 5) -- C:\Program Files\MPEG_Streamclip.exe
[2008.07.28 14:22:38 | 000,237,568 | ---- | C] (Derrow/Decision Development) -- C:\Program Files\VobEdit.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.03 18:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FFE2620-F3A6-4A3D-8DE1-28BB43424C7F}.job
[2012.08.03 18:12:38 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3D2BDFD-4BCC-4E26-A292-781810C0B8D0}.job
[2012.08.03 17:58:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.03 17:28:56 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 17:28:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 17:28:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 17:28:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 17:28:34 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 16:00:01 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.08.03 15:23:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 15:21:00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.08.02 18:21:03 | 000,397,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.02 18:21:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.08.02 11:35:55 | 000,002,716 | ---- | M] () -- C:\Users\***\Documents\cc_20120802_113545.reg
[2012.08.02 11:29:33 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Users\***\AppData\Local\uTorrent.exe
[2012.08.02 07:21:35 | 000,000,824 | ---- | M] () -- C:\Users\***\Documents\cc_20120802_072120.reg
[2012.08.02 07:16:52 | 000,004,548 | ---- | M] () -- C:\Users\***\Documents\cc_20120802_071639.reg
[2012.08.02 06:52:01 | 000,015,532 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.08.01 19:12:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.08.01 10:33:12 | 000,681,218 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.01 10:33:12 | 000,640,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.01 10:33:12 | 000,148,594 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.01 10:33:12 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 16:10:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 03:36:20 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:27:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.29 03:10:59 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20120729_031051.reg
[2012.07.29 00:56:53 | 000,254,616 | ---- | M] () -- C:\Users\***\Documents\cc_20120729_005608.reg
[2012.07.28 03:22:35 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.07.28 02:48:10 | 000,032,768 | ---- | M] () -- C:\Users\***\places.sqlite-shm
[2012.07.28 02:45:56 | 000,531,512 | ---- | M] () -- C:\Users\***\places.sqlite-wal-default
[2012.07.28 02:45:06 | 000,391,432 | ---- | M] () -- C:\Users\***\places.sqlite-wal
[2012.07.28 01:58:03 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.07.27 11:50:03 | 000,037,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 11:12:22 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.07.26 10:00:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.02 11:35:52 | 000,002,716 | ---- | C] () -- C:\Users\***\Documents\cc_20120802_113545.reg
[2012.08.02 07:21:25 | 000,000,824 | ---- | C] () -- C:\Users\***\Documents\cc_20120802_072120.reg
[2012.08.02 07:16:43 | 000,004,548 | ---- | C] () -- C:\Users\***\Documents\cc_20120802_071639.reg
[2012.08.01 19:41:44 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.30 16:10:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 03:36:20 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:27:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.29 03:10:55 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20120729_031051.reg
[2012.07.29 00:56:15 | 000,254,616 | ---- | C] () -- C:\Users\***\Documents\cc_20120729_005608.reg
[2012.07.28 18:16:24 | 000,001,164 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.07.28 18:16:23 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.07.28 03:22:34 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.07.28 02:48:08 | 000,032,768 | ---- | C] () -- C:\Users\***\places.sqlite-shm
[2012.07.28 02:45:55 | 000,531,512 | ---- | C] () -- C:\Users\***\places.sqlite-wal-default
[2012.07.28 02:45:04 | 000,391,432 | ---- | C] () -- C:\Users\***\places.sqlite-wal
[2012.06.29 01:51:14 | 011,632,640 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.mdb
[2012.06.29 01:51:14 | 000,000,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.29 16:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 21:28:52 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.09.13 18:30:37 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.13 18:30:37 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.13 18:30:37 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.13 18:30:37 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.13 18:30:37 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.13 18:30:37 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.09.13 18:30:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.13 18:30:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.13 18:30:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.13 18:30:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.13 18:30:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.13 18:30:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.13 18:30:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.13 18:30:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.09.13 18:30:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.13 18:30:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.13 18:30:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.13 18:30:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.13 18:30:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.17 15:58:59 | 000,001,518 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 12:22:10 | 000,015,532 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.11.10 19:40:16 | 000,000,483 | ---- | C] () -- C:\ProgramData\CamSuite.ini
[2010.09.18 17:44:11 | 003,002,240 | ---- | C] () -- C:\Windows\System32\drivers\spc2050.sys
[2010.09.18 17:44:11 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2010.09.18 17:44:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc2050.dll
[2010.09.18 17:44:11 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc2050c.sys
[2010.09.18 17:44:11 | 000,015,497 | ---- | C] () -- C:\Windows\spc2050.ini
[2010.08.16 21:09:29 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.08.16 21:07:02 | 000,078,213 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010.06.15 10:28:00 | 051,206,459 | ---- | C] () -- C:\Users\***\gutschein.pspimage
[2010.02.26 09:45:14 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009.02.04 16:32:33 | 002,658,495 | ---- | C] () -- C:\Users\***\moltovitale-tour-2008-10-09-134.jpg
[2008.12.14 15:08:54 | 001,527,924 | -H-- | C] () -- C:\Users\***\ZbThumbnail.info
[2008.07.31 11:01:34 | 000,025,197 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.07.29 13:37:27 | 000,000,580 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2008.07.28 21:58:01 | 000,078,825 | ---- | C] () -- C:\Program Files\MPEG Streamclip Guide.rtf
[2008.07.23 09:07:52 | 007,100,928 | ---- | C] () -- C:\Program Files\PocketDivXEncoder_0.3.96.exe
[2008.03.14 12:35:49 | 000,384,199 | ---- | C] () -- C:\Users\***\jap.conf
[2007.12.26 22:21:15 | 000,000,198 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls
[2007.12.25 22:07:06 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd
[2007.12.10 10:20:12 | 000,037,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.09 14:56:52 | 000,000,326 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2007.12.01 18:57:16 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.01 17:17:12 | 000,000,104 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
 
========== LOP Check ==========
 
[2011.10.06 18:42:04 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Amazon
[2012.03.24 10:17:46 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Audacity
[2010.01.12 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Broad Intelligence
[2007.12.07 19:42:48 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Canon
[2012.06.24 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\FLV Extract
[2012.02.13 21:32:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\FOG Downloader
[2008.05.30 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\FRITZ!
[2011.06.04 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\gtk-2.0
[2008.05.10 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\HotSync
[2010.05.09 16:26:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IrfanView
[2008.07.24 12:23:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\klickTel
[2008.07.24 12:24:15 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Lexware
[2012.07.23 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Mp3tag
[2010.02.11 03:21:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Nokia
[2011.01.16 21:41:49 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\PC Suite
[2011.02.03 20:54:10 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\PDF reDirect
[2007.12.07 19:36:29 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\T-Online
[2012.06.09 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\TomTom
[2011.09.10 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ulead Systems
[2009.09.30 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.06.10 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2008.07.23 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.04.15 17:10:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.06.24 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2007.12.10 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CDZilla
[2012.01.20 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2007.12.23 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2008.12.25 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\directx9
[2012.08.03 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.06 03:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.03 19:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.10 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2008.01.18 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2008.06.11 13:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLV Extract
[2012.08.03 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2007.12.05 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.04.14 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2008.08.14 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011.08.17 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.01.05 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2008.01.13 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2008.04.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.06.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.08 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2007.12.02 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc
[2009.10.27 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2010.01.22 00:51:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2008.01.10 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickIdent
[2008.01.11 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2008.04.14 21:45:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.09.04 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leawo
[2007.12.02 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2009.06.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mathegrafix
[2010.01.22 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master
[2012.02.06 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moyea
[2012.07.27 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2008.07.28 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2011.02.27 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2012.01.08 03:35:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.01.11 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2007.12.31 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2008.08.12 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PGP Corporation
[2011.07.26 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software.com
[2008.01.07 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2007.12.03 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2007.12.09 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.03.19 20:28:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2008.07.24 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.08.02 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2007.12.06 02:30:56 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FRITZ!
[2007.12.15 03:07:30 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\T-Online
[2008.10.29 20:51:42 | 000,000,000 | ---D | M] -- C:\Users\konto\AppData\Roaming\Lexware
[2008.10.30 16:44:15 | 000,000,000 | ---D | M] -- C:\Users\Konto.+++\AppData\Roaming\Lexware
[2008.11.08 00:38:07 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.000\AppData\Roaming\Lexware
[2008.11.08 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.001\AppData\Roaming\Lexware
[2008.11.09 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.002\AppData\Roaming\Lexware
[2008.11.17 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.003\AppData\Roaming\Lexware
[2008.11.19 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.004\AppData\Roaming\Lexware
[2008.11.23 22:25:03 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.005\AppData\Roaming\Lexware
[2008.11.26 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.006\AppData\Roaming\Lexware
[2008.06.06 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\FRITZ!
[2008.06.06 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\HotSync
[2008.10.23 18:42:07 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Lexware
[2008.10.28 13:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra.+++\AppData\Roaming\Lexware
[2012.07.26 10:00:00 | 000,001,160 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.08.03 16:00:01 | 000,001,182 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.08.03 16:14:15 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.03 18:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8FFE2620-F3A6-4A3D-8DE1-28BB43424C7F}.job
[2012.08.03 18:12:38 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3D2BDFD-4BCC-4E26-A292-781810C0B8D0}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2007.12.03 18:29:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ABBYY
[2011.10.23 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AccurateRip
[2012.06.19 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2009.10.11 15:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahead
[2009.09.30 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.10.06 01:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2007.12.03 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcsoft
[2012.04.29 16:33:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.06.10 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2008.07.23 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.05.15 18:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.10.03 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVS4YOU
[2012.04.15 17:10:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.06.24 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2007.12.10 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CDZilla
[2012.01.20 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2009.01.18 12:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2007.12.23 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2008.12.25 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\directx9
[2010.10.26 12:29:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.08.03 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.14 11:41:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.02.06 03:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.03 19:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.10 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2012.06.22 02:00:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESTsoft
[2008.01.18 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2008.06.11 13:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLV Extract
[2012.08.03 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2007.12.05 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.04.14 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2008.08.14 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2008.05.09 00:45:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2007.12.01 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GTek
[2011.08.17 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.01.05 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2008.01.13 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2007.12.28 17:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Help
[2008.04.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.07.30 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2011.05.03 11:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate
[2007.12.01 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.08.29 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.06.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.08 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2007.12.02 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc
[2007.12.02 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc Software Inc
[2009.10.27 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2010.01.22 00:51:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2008.01.10 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickIdent
[2008.01.11 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2008.04.14 21:45:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.09.04 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leawo
[2007.12.02 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2008.12.03 13:45:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2007.12.01 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.07.30 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.06.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mathegrafix
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.03.09 00:17:35 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2008.01.09 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Microsoft Web Folders
[2010.01.22 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master
[2012.02.06 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moyea
[2008.08.27 00:02:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.07.27 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2008.07.28 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2011.02.27 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2007.12.23 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2012.01.08 03:35:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.11.11 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2008.01.10 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2
[2010.01.11 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2007.12.31 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2008.08.12 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PGP Corporation
[2010.06.15 12:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PSpad
[2007.12.10 10:32:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2011.07.26 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software.com
[2008.01.07 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2007.12.04 00:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2007.12.03 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2007.12.09 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.03.19 20:28:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2008.07.24 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.08.02 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.07.30 03:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.05.28 22:53:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.07.31 14:41:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2007.07.20 00:48:24 | 000,503,144 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\directx9\DXSETUP.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.04.26 23:14:02 | 000,872,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.06.13 13:44:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.04.25 14:16:38 | 014,852,504 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2009.12.03 19:30:21 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.11.12 14:59:04 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2009.11.12 14:59:04 | 000,000,766 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2009.05.17 03:02:38 | 000,284,646 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{53D03656-C329-44D5-9FAC-DAF85CED48DA}\ARPPRODUCTICON.exe
[2009.05.17 03:02:38 | 000,284,646 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{53D03656-C329-44D5-9FAC-DAF85CED48DA}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
[2010.02.10 16:29:25 | 000,004,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{67D7824F-7277-4BB4-804F-9FBBC9C83E80}\_6FEFF9B68218417F98F549.exe
[2010.02.10 16:29:25 | 000,004,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{67D7824F-7277-4BB4-804F-9FBBC9C83E80}\_ABEB6FF2C1656D98E1C9E9.exe
[2010.02.10 16:29:28 | 000,004,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{67D7824F-7277-4BB4-804F-9FBBC9C83E80}\_AF02BFF1FEE698A28941B5.exe
[2011.02.09 01:22:48 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2008.07.23 16:26:40 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A4E86B6A-6EEC-41FD-8960-26947F0E3353}\ARPPRODUCTICON.exe
[2009.04.16 21:24:08 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}\ARPPRODUCTICON.exe
[2010.02.10 17:58:46 | 000,001,078 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_140970B07C471344006034.exe
[2010.02.10 17:58:46 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_463E67FA4C71263B7FC89A.exe
[2010.02.10 17:58:46 | 000,001,078 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_6FEFF9B68218417F98F549.exe
[2010.02.10 17:58:46 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_D9282C461A99F45A4A0648.exe
[2008.12.25 17:52:42 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\ARPPRODUCTICON.exe
[2008.12.25 17:52:42 | 000,069,478 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\Deinstallieren_Bibi__DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\Lizenzvereinbarung.p_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,069,478 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\NewShortcut2_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,069,478 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\NewShortcut3_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\readme.txt_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\Spielanleitung.pdf_DDD636C226894E5293EDA79E86F8CCDB.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
[2009.12.02 17:12:14 | 000,044,032 | ---- | M] (Panasonic Corporation) MD5=C69C760478573085FA11243AE15E8A28 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.0\Core\EventLog\EventLog.dll
[2004.12.13 11:37:30 | 000,028,791 | ---- | M] () MD5=CAD468899536326818AE00BF0A750F9C -- C:\altes Laufwerk D\Programme\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.09 00:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[1998.05.15 21:01:00 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=077D106406E4F08848BF3D9126321885 -- C:\altes Laufwerk C\WINDOWS\SYSTEM\USER32.DLL
[2007.09.26 14:10:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.26 14:10:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[1998.05.15 21:01:00 | 000,042,181 | ---- | M] () MD5=4B4201A7BE355B0648C10930E0141CA3 -- C:\altes Laufwerk C\WINDOWS\WININIT.EXE
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.06.11 19:20:02 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 732 bytes -> C:\Users\***\Documents\sperrtermine.eml:OECustomProperty
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
--- --- ---

Alt 04.08.2012, 00:17   #12
hoochiecoo
 

My computer is now symptom-free. After I reset the Firefox profile, new tabs open without Incredibar again.

C:\Program Files\PSPad Toolbar\UninstallToolbar.exe
could not be uninstalled, so I deleted it with CCleaner and then had the registry repaired.

C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\***\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\***\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\***\AppData\Local\Temp\incredibar_installer.exe
C:\Users\***\AppData\Local\Temp\did.xml
C:\Users\***\AppData\Local\Temp\ppd.xml
C:\Users\***\AppData\Local\Temp\upn2.xml

I also deleted these with CCleaner.

Here is the current log file:

OTL Logfile:
OTL logfile created on: 03.08.2012 18:04:38 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,25% Memory free
6,21 Gb Paging File | 4,69 Gb Available in Paging File | 75,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 8,06 Gb Free Space | 1,81% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,44 Gb Free Space | 42,23% Space Free | Partition Type: FAT32
 
Computer Name: +++ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.03 17:58:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.06.11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.06.11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.12 15:47:06 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010.08.26 16:53:46 | 000,687,104 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe
PRC - [2010.08.26 16:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
PRC - [2009.05.05 15:16:00 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.18 14:56:32 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008.11.07 17:43:36 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008.11.07 17:39:36 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.07.21 17:32:08 | 000,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2008.07.10 10:52:58 | 000,040,960 | ---- | M] (sonix) -- C:\Windows\PLF2050.exe
PRC - [2008.05.21 10:36:08 | 000,103,992 | ---- | M] (PGP Corporation) -- C:\Windows\System32\PGPserv.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.02 15:27:18 | 000,684,032 | ---- | M] (Sonix) -- C:\Windows\vspc2050.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 17:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.07 01:26:10 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
PRC - [2007.06.27 10:18:40 | 000,215,256 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007.06.27 10:18:20 | 000,293,080 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012.06.26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012.06.26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012.06.26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012.06.26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2012.06.26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012.06.13 14:03:49 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.13 14:02:08 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.13 13:42:13 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:42:00 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.13 13:41:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.13 13:39:10 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.11 18:24:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.06.11 12:45:06 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.05.09 01:40:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 01:39:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.09 01:32:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.09 01:31:00 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.09 01:30:38 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012.05.09 01:28:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.09 01:28:52 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.09 01:28:13 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.08.26 16:53:50 | 000,357,888 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\Resources.dll
MOD - [2010.08.26 16:53:34 | 000,898,048 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPPlugins.dll
MOD - [2010.08.26 16:53:22 | 000,765,952 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPGUI.dll
MOD - [2010.08.26 16:52:02 | 000,470,016 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACP_Lib.dll
MOD - [2010.08.26 16:51:32 | 000,166,912 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPSharedTypes.dll
MOD - [2010.08.26 16:51:22 | 000,315,904 | ---- | M] () -- C:\Program Files\Philips\CamSuite\2.0.15.0\Common.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007.10.19 17:42:34 | 000,339,968 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 17:42:20 | 000,245,858 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 17:42:20 | 000,114,780 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 17:42:20 | 000,032,768 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 16:20:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.26 16:53:46 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Philips\CamSuite\2.0.15.0\ACPService.exe -- (ACPService)
SRV - [2009.06.13 19:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.11.07 17:40:52 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.05.21 10:36:08 | 000,103,992 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Windows\System32\PGPserv.exe -- (PGPserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [File_System | Boot | Running] --  -- (MFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.07 12:33:59 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 10:44:48 | 000,022,328 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys -- (MSI_DVD_010507)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.05.10 10:44:36 | 000,016,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys -- (MSI_VGASYS_010507)
DRV - [2010.03.26 01:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.12.18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009.09.24 09:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.04.14 12:03:05 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.03.18 14:56:06 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/23 11:50:55] [Kernel | Auto | Running] -- C:\Program Files\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009.01.20 12:16:54 | 003,002,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc2050.sys -- (SPC2050)
DRV - [2008.09.26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.09.26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.05.21 10:36:16 | 000,204,856 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2008.05.21 10:36:06 | 000,040,504 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2008.05.21 10:35:52 | 000,115,768 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2008.05.21 10:35:48 | 000,245,816 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2008.05.07 11:40:04 | 000,088,704 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007.12.08 11:35:56 | 000,124,416 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Hanna\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
DRV - [2007.12.08 11:35:56 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.10.11 12:21:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.05.07 03:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2007.05.07 03:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2007.05.03 11:19:16 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007.01.17 14:30:00 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder2.sys -- (Spyder2)
DRV - [2007.01.12 10:54:50 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Medion\BIOS\winflash192\WinFlash.sys -- (WINFLASH)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/pspad/{13A996AC-CE4E-4195-BF10-BE50CF0E8B77}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = hxxp://www.exalead.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{3863119E-4268-4618-8BF4-42036694B287}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/pspad/{13A996AC-CE4E-4195-BF10-BE50CF0E8B77}?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{C3377DAF-0754-4C19-9715-B4069C6FA7BA}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = hxxp://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes,DefaultScope = {2E819C12-E6DD-4389-95A2-6B615AC502D9}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = hxxp://www.exalead.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{C3377DAF-0754-4C19-9715-B4069C6FA7BA}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = hxxp://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.04.23 01:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 21:09:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 19:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.06.19 15:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.07.14 12:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:20:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 01:51:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 21:09:48 | 000,000,000 | ---D | M]
 
[2012.03.19 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.19 20:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.11.08 19:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.08.02 08:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions
[2012.08.02 08:05:10 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.08.02 08:01:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.02 08:10:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.08.02 08:15:38 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2012.08.02 08:11:06 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iqywoth5.default-1343886510233\extensions\perspectives@cmu.edu
[2012.07.19 16:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions
[2010.04.27 10:27:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.02.12 18:44:08 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011.05.15 10:31:07 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.08.09 18:25:05 | 000,000,000 | ---D | M] (Operator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{95C9A302-8557-4052-91B7-2BB6BA33C885}
[2010.10.03 19:18:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.02 13:47:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.11 17:45:15 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.01.10 04:08:09 | 000,000,000 | ---D | M] (surfclarity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{DFBEBDA6-4BFF-46E3-A968-5CCAE63E747A}
[2012.06.02 13:47:16 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010.01.27 13:46:54 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2012.01.05 08:17:26 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2009.02.12 18:44:06 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\betteryoutube@ginatrapani.org
[2012.06.27 18:50:14 | 000,000,000 | ---D | M] (Perspectives) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\perspectives@cmu.edu
[2010.02.01 01:29:09 | 000,000,000 | ---D | M] ("SSL Blacklist") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yy2si1gp.Test\extensions\sslblacklist@codefromthe70s.org
[2012.03.18 20:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 16:20:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.02.05 00:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.03.18 20:11:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 20:11:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.18 20:11:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 20:11:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 20:11:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 20:11:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: about:blank
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gears.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.06.11 14:22:41 | 000,000,763 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLF2050] C:\Windows\PLF2050.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc2050] C:\Windows\vspc2050.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-18..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [AVMUSBFernanschluss] C:\Users\IUSR_NMPR\AppData\Local\Apps\2.0\NV4B77TJ.RLV\ZA3RV21M.ADH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\AVMAutoStart.exe File not found
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide File not found
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [GMX SMS-Manager] C:\Program Files\GMX\GMX SMS-Manager\SMSMngr.exe File not found
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [AVMUSBFernanschluss] C:\Users\***\AppData\Local\Apps\2.0\NV4B77TJ.RLV\ZA3RV21M.ADH\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2008.12.06 03:36:40 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Program Files\FRITZ!\FriFax32.exe (AVM Berlin)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamster.lnk = C:\Program Files\hamster\Hamster.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ISDNWatch.lnk = C:\Program Files\FRITZ!\IWatch.exe (AVM Berlin)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickIdent 19.lnk = C:\Program Files\klickIdent Herbst 2007\klickIdentPP.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2007 - Schnellstarter.lnk = C:\Program Files\klickTel\Telefon- und Branchenbuch Herbst 2007\KSTART32.EXE (klickTel AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: apemap.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: meine-domain.de ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..Trusted Domains: fernuni-hagen.de ([ca] https in Trusted sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: apemap.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: meine-domain.de ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: elsteronline.de ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: fernuni-hagen.de ([ca] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..Trusted Domains: microsoft.com ([www.update] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D6CE8-3EB7-4D59-9B24-20AA50C5C322}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74B45BF2-3149-4401-821E-193CB8EF9E3D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: GameShadow - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig - StartUpReg: MMAgent - hkey= - key= - C:\Program Files\Mobile Master\MMAgent.exe (Jumping Bytes)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.WMV3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 17:58:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.03 17:28:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.08.01 21:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.08.01 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2012.08.01 21:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.31 12:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.30 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.30 16:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.30 16:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.30 16:10:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.30 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 03:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.30 03:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.30 03:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.30 03:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.28 18:18:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.28 03:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.07.27 11:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2012.07.23 01:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2012.07.14 12:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012.07.14 12:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2012.07.14 12:03:15 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012.07.14 12:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012.07.14 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.07.08 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.08 10:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.08 10:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010.07.02 08:23:49 | 001,022,352 | ---- | C] (BitTorrent, Inc.) -- C:\Users\***\AppData\Local\uTorrent.exe
[2009.07.25 15:21:38 | 003,786,240 | ---- | C] (www.BabelStone.co.uk/Software/BabelMap.html) -- C:\Program Files\BabelMap.exe
[2009.02.16 14:03:05 | 000,520,192 | ---- | C] (Andrew Zhezherun) -- C:\Program Files\WinDjView-0.5.exe
[2008.07.28 21:58:00 | 000,953,344 | ---- | C] (Squared 5) -- C:\Program Files\MPEG_Streamclip.exe
[2008.07.28 14:22:38 | 000,237,568 | ---- | C] (Derrow/Decision Development) -- C:\Program Files\VobEdit.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.03 18:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8FFE2620-F3A6-4A3D-8DE1-28BB43424C7F}.job
[2012.08.03 18:12:38 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3D2BDFD-4BCC-4E26-A292-781810C0B8D0}.job
[2012.08.03 17:58:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.03 17:28:56 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 17:28:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 17:28:43 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 17:28:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 17:28:34 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 16:00:01 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.08.03 15:23:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 15:21:00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.08.02 18:21:03 | 000,397,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.02 18:21:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.08.02 11:35:55 | 000,002,716 | ---- | M] () -- C:\Users\***\Documents\cc_20120802_113545.reg
[2012.08.02 11:29:33 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Users\***\AppData\Local\uTorrent.exe
[2012.08.02 07:21:35 | 000,000,824 | ---- | M] () -- C:\Users\***\Documents\cc_20120802_072120.reg
[2012.08.02 07:16:52 | 000,004,548 | ---- | M] () -- C:\Users\***\Documents\cc_20120802_071639.reg
[2012.08.02 06:52:01 | 000,015,532 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.08.01 19:12:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.08.01 10:33:12 | 000,681,218 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.01 10:33:12 | 000,640,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.01 10:33:12 | 000,148,594 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.01 10:33:12 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 16:10:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 03:36:20 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:27:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.29 03:10:59 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20120729_031051.reg
[2012.07.29 00:56:53 | 000,254,616 | ---- | M] () -- C:\Users\***\Documents\cc_20120729_005608.reg
[2012.07.28 03:22:35 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.07.28 02:48:10 | 000,032,768 | ---- | M] () -- C:\Users\***\places.sqlite-shm
[2012.07.28 02:45:56 | 000,531,512 | ---- | M] () -- C:\Users\***\places.sqlite-wal-default
[2012.07.28 02:45:06 | 000,391,432 | ---- | M] () -- C:\Users\***\places.sqlite-wal
[2012.07.28 01:58:03 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.07.27 11:50:03 | 000,037,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 11:12:22 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2012.07.26 10:00:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.02 11:35:52 | 000,002,716 | ---- | C] () -- C:\Users\***\Documents\cc_20120802_113545.reg
[2012.08.02 07:21:25 | 000,000,824 | ---- | C] () -- C:\Users\***\Documents\cc_20120802_072120.reg
[2012.08.02 07:16:43 | 000,004,548 | ---- | C] () -- C:\Users\***\Documents\cc_20120802_071639.reg
[2012.08.01 19:41:44 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.30 16:10:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 03:36:20 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.29 11:27:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.29 03:10:55 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20120729_031051.reg
[2012.07.29 00:56:15 | 000,254,616 | ---- | C] () -- C:\Users\***\Documents\cc_20120729_005608.reg
[2012.07.28 18:16:24 | 000,001,164 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.07.28 18:16:23 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.07.28 03:22:34 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.07.28 02:48:08 | 000,032,768 | ---- | C] () -- C:\Users\***\places.sqlite-shm
[2012.07.28 02:45:55 | 000,531,512 | ---- | C] () -- C:\Users\***\places.sqlite-wal-default
[2012.07.28 02:45:04 | 000,391,432 | ---- | C] () -- C:\Users\***\places.sqlite-wal
[2012.06.29 01:51:14 | 011,632,640 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.mdb
[2012.06.29 01:51:14 | 000,000,064 | ---- | C] () -- C:\Users\***\AppData\Roaming\Sandra.ldb
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.29 16:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.10.12 21:28:52 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.09.13 18:30:37 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.13 18:30:37 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.13 18:30:37 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.13 18:30:37 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.13 18:30:37 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.13 18:30:37 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.09.13 18:30:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.13 18:30:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.13 18:30:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.13 18:30:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.13 18:30:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.13 18:30:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.13 18:30:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.13 18:30:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.09.13 18:30:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.13 18:30:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.13 18:30:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.13 18:30:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.13 18:30:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.17 15:58:59 | 000,001,518 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.07.17 12:22:10 | 000,015,532 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.11.10 19:40:16 | 000,000,483 | ---- | C] () -- C:\ProgramData\CamSuite.ini
[2010.09.18 17:44:11 | 003,002,240 | ---- | C] () -- C:\Windows\System32\drivers\spc2050.sys
[2010.09.18 17:44:11 | 000,851,968 | ---- | C] () -- C:\Windows\System32\Dll_Volume_Ctrl.dll
[2010.09.18 17:44:11 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc2050.dll
[2010.09.18 17:44:11 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc2050c.sys
[2010.09.18 17:44:11 | 000,015,497 | ---- | C] () -- C:\Windows\spc2050.ini
[2010.08.16 21:09:29 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.08.16 21:07:02 | 000,078,213 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010.06.15 10:28:00 | 051,206,459 | ---- | C] () -- C:\Users\***\gutschein.pspimage
[2010.02.26 09:45:14 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2009.02.04 16:32:33 | 002,658,495 | ---- | C] () -- C:\Users\***\moltovitale-tour-2008-10-09-134.jpg
[2008.12.14 15:08:54 | 001,527,924 | -H-- | C] () -- C:\Users\***\ZbThumbnail.info
[2008.07.31 11:01:34 | 000,025,197 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.07.29 13:37:27 | 000,000,580 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2008.07.28 21:58:01 | 000,078,825 | ---- | C] () -- C:\Program Files\MPEG Streamclip Guide.rtf
[2008.07.23 09:07:52 | 007,100,928 | ---- | C] () -- C:\Program Files\PocketDivXEncoder_0.3.96.exe
[2008.03.14 12:35:49 | 000,384,199 | ---- | C] () -- C:\Users\***\jap.conf
[2007.12.26 22:21:15 | 000,000,198 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.pls
[2007.12.25 22:07:06 | 000,001,024 | ---- | C] () -- C:\Users\***\.rnd
[2007.12.10 10:20:12 | 000,037,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.09 14:56:52 | 000,000,326 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2007.12.01 18:57:16 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.01 17:17:12 | 000,000,104 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
 
========== LOP Check ==========
 
[2011.10.06 18:42:04 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Amazon
[2012.03.24 10:17:46 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Audacity
[2010.01.12 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Broad Intelligence
[2007.12.07 19:42:48 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Canon
[2012.06.24 21:07:18 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\FLV Extract
[2012.02.13 21:32:07 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\FOG Downloader
[2008.05.30 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\FRITZ!
[2011.06.04 22:39:58 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\gtk-2.0
[2008.05.10 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\HotSync
[2010.05.09 16:26:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\IrfanView
[2008.07.24 12:23:44 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\klickTel
[2008.07.24 12:24:15 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Lexware
[2012.07.23 19:10:13 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Mp3tag
[2010.02.11 03:21:02 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Nokia
[2011.01.16 21:41:49 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\PC Suite
[2011.02.03 20:54:10 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\PDF reDirect
[2007.12.07 19:36:29 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\T-Online
[2012.06.09 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\TomTom
[2011.09.10 20:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hanna\AppData\Roaming\Ulead Systems
[2009.09.30 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.06.10 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2008.07.23 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.04.15 17:10:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.06.24 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2007.12.10 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CDZilla
[2012.01.20 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2007.12.23 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2008.12.25 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\directx9
[2012.08.03 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.06 03:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.03 19:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.10 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2008.01.18 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2008.06.11 13:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLV Extract
[2012.08.03 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2007.12.05 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.04.14 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2008.08.14 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2011.08.17 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.01.05 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2008.01.13 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2008.04.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.06.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.08 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2007.12.02 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc
[2009.10.27 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2010.01.22 00:51:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2008.01.10 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickIdent
[2008.01.11 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2008.04.14 21:45:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.09.04 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leawo
[2007.12.02 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2009.06.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mathegrafix
[2010.01.22 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master
[2012.02.06 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moyea
[2012.07.27 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2008.07.28 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2011.02.27 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2012.01.08 03:35:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.01.11 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2007.12.31 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2008.08.12 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PGP Corporation
[2011.07.26 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software.com
[2008.01.07 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2007.12.03 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2007.12.09 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.03.19 20:28:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2008.07.24 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.08.02 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2007.12.06 02:30:56 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FRITZ!
[2007.12.15 03:07:30 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\T-Online
[2008.10.29 20:51:42 | 000,000,000 | ---D | M] -- C:\Users\konto\AppData\Roaming\Lexware
[2008.10.30 16:44:15 | 000,000,000 | ---D | M] -- C:\Users\Konto.+++\AppData\Roaming\Lexware
[2008.11.08 00:38:07 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.000\AppData\Roaming\Lexware
[2008.11.08 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.001\AppData\Roaming\Lexware
[2008.11.09 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.002\AppData\Roaming\Lexware
[2008.11.17 20:39:10 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.003\AppData\Roaming\Lexware
[2008.11.19 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.004\AppData\Roaming\Lexware
[2008.11.23 22:25:03 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.005\AppData\Roaming\Lexware
[2008.11.26 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\konto.+++.006\AppData\Roaming\Lexware
[2008.06.06 15:30:17 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\FRITZ!
[2008.06.06 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Lupita\AppData\Roaming\HotSync
[2008.10.23 18:42:07 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Lexware
[2008.10.28 13:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra.+++\AppData\Roaming\Lexware
[2012.07.26 10:00:00 | 000,001,160 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004Core.job
[2012.08.03 16:00:01 | 000,001,182 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256582083-1008837156-380773153-1004UA.job
[2012.08.03 16:14:15 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.03 18:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8FFE2620-F3A6-4A3D-8DE1-28BB43424C7F}.job
[2012.08.03 18:12:38 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3D2BDFD-4BCC-4E26-A292-781810C0B8D0}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2007.12.03 18:29:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ABBYY
[2011.10.23 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AccurateRip
[2012.06.19 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2009.10.11 15:22:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahead
[2009.09.30 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.10.06 01:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2007.12.03 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcsoft
[2012.04.29 16:33:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.06.10 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2008.07.23 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.05.15 18:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.10.03 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVS4YOU
[2012.04.15 17:10:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.06.24 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2007.12.10 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CDZilla
[2012.01.20 13:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2009.01.18 12:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2007.12.23 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2008.12.25 17:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\directx9
[2010.10.26 12:29:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.08.03 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.14 11:41:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.02.06 03:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.10.03 19:18:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.10 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2012.06.22 02:00:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESTsoft
[2008.01.18 23:18:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2008.06.11 13:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLV Extract
[2012.08.03 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2007.12.05 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2008.04.14 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2008.08.14 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2008.05.09 00:45:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2007.12.01 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GTek
[2011.08.17 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.01.05 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2008.01.13 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe
[2007.12.28 17:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Help
[2008.04.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.07.30 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HP
[2011.05.03 11:25:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate
[2007.12.01 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.08.29 20:11:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.06.11 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.06.08 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2007.12.02 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc
[2007.12.02 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc Software Inc
[2009.10.27 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JonDo
[2010.01.22 00:51:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jumping Bytes
[2008.01.10 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickIdent
[2008.01.11 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\klickTel
[2008.04.14 21:45:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.09.04 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leawo
[2007.12.02 13:06:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2008.12.03 13:45:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2007.12.01 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.07.30 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.06.02 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mathegrafix
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.03.09 00:17:35 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2008.01.09 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Microsoft Web Folders
[2010.01.22 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Master
[2012.02.06 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Moyea
[2008.08.27 00:02:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.07.27 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2008.07.28 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2011.02.27 15:24:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2007.12.23 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2012.01.08 03:35:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.11.11 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2008.01.10 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org2
[2010.01.11 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2007.12.31 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2008.08.12 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PGP Corporation
[2010.06.15 12:12:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PSpad
[2007.12.10 10:32:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2011.07.26 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software.com
[2008.01.07 19:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2007.12.04 00:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sun
[2007.12.03 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2007.12.09 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.03.19 20:28:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2008.07.24 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.08.02 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.07.30 03:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.05.28 22:53:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.07.31 14:41:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2007.07.20 00:48:24 | 000,503,144 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\directx9\DXSETUP.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.04.26 23:14:02 | 000,872,016 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.06.13 13:44:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.04.25 14:16:38 | 014,852,504 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2009.12.03 19:30:21 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.11.12 14:59:04 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2009.11.12 14:59:04 | 000,000,766 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2009.05.17 03:02:38 | 000,284,646 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{53D03656-C329-44D5-9FAC-DAF85CED48DA}\ARPPRODUCTICON.exe
[2009.05.17 03:02:38 | 000,284,646 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{53D03656-C329-44D5-9FAC-DAF85CED48DA}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
[2010.02.10 16:29:25 | 000,004,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{67D7824F-7277-4BB4-804F-9FBBC9C83E80}\_6FEFF9B68218417F98F549.exe
[2010.02.10 16:29:25 | 000,004,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{67D7824F-7277-4BB4-804F-9FBBC9C83E80}\_ABEB6FF2C1656D98E1C9E9.exe
[2010.02.10 16:29:28 | 000,004,150 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{67D7824F-7277-4BB4-804F-9FBBC9C83E80}\_AF02BFF1FEE698A28941B5.exe
[2011.02.09 01:22:48 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2008.07.23 16:26:40 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A4E86B6A-6EEC-41FD-8960-26947F0E3353}\ARPPRODUCTICON.exe
[2009.04.16 21:24:08 | 000,086,016 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D5C8E140-6E6F-11DD-9AA9-0050560400B1}\ARPPRODUCTICON.exe
[2010.02.10 17:58:46 | 000,001,078 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_140970B07C471344006034.exe
[2010.02.10 17:58:46 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_463E67FA4C71263B7FC89A.exe
[2010.02.10 17:58:46 | 000,001,078 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_6FEFF9B68218417F98F549.exe
[2010.02.10 17:58:46 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DCA0A35D-30F1-4ED0-971F-5FFD2F60BB08}\_D9282C461A99F45A4A0648.exe
[2008.12.25 17:52:42 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\ARPPRODUCTICON.exe
[2008.12.25 17:52:42 | 000,069,478 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\Deinstallieren_Bibi__DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\Lizenzvereinbarung.p_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,069,478 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\NewShortcut2_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,069,478 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\NewShortcut3_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\readme.txt_DDD636C226894E5293EDA79E86F8CCDB.exe
[2008.12.25 17:52:42 | 000,008,854 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DDD636C2-2689-4E52-93ED-A79E86F8CCDB}\Spielanleitung.pdf_DDD636C226894E5293EDA79E86F8CCDB.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.13 11:47:38 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
[2009.12.02 17:12:14 | 000,044,032 | ---- | M] (Panasonic Corporation) MD5=C69C760478573085FA11243AE15E8A28 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.0\Core\EventLog\EventLog.dll
[2004.12.13 11:37:30 | 000,028,791 | ---- | M] () MD5=CAD468899536326818AE00BF0A750F9C -- C:\altes Laufwerk D\Programme\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.09 00:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[1998.05.15 21:01:00 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=077D106406E4F08848BF3D9126321885 -- C:\altes Laufwerk C\WINDOWS\SYSTEM\USER32.DLL
[2007.09.26 14:10:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.26 14:10:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[1998.05.15 21:01:00 | 000,042,181 | ---- | M] () MD5=4B4201A7BE355B0648C10930E0141CA3 -- C:\altes Laufwerk C\WINDOWS\WININIT.EXE
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.06.11 19:20:02 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 732 bytes -> C:\Users\***\Documents\sperrtermine.eml:OECustomProperty
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         
--- --- ---

I think I just sent you this as a private message first, didn't I? If so: sorry, that was a mistake.

Best regards
Harald

Alt 04.08.2012, 13:03   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your username, you must change the starred-out part back to your real username, otherwise the script will not work!!

Code:
:OTL
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pspad/{13A996AC-CE4E-4195-BF10-BE50CF0E8B77}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = http://www.exalead.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/pspad/{13A996AC-CE4E-4195-BF10-BE50CF0E8B77}?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = http://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = http://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes,DefaultScope = {2E819C12-E6DD-4389-95A2-6B615AC502D9}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}: "URL" = http://www.exalead.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}: "URL" = http://www.metager.de/meta/cgi-bin/meta.ger1?wissRank=on&sprueche=on&eingabe={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\..\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}: "URL" = http://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
O3 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Files
c:\user.js
C:\Program Files\PSPad Toolbar
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Hanna\Downloads\Zylom-Installer_PflanzengegenZombies_DE(1).exe
C:\Users\Hanna\Downloads\Zylom-Installer_PflanzengegenZombies_DE.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

Alt 05.08.2012, 11:49   #14
hoochiecoo
 

Thanks again for your help!

Here is the log file:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Internet Explorer\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E819C12-E6DD-4389-95A2-6B615AC502D9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}\ not found.
HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Internet Explorer\SearchScopes\{2E819C12-E6DD-4389-95A2-6B615AC502D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E819C12-E6DD-4389-95A2-6B615AC502D9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDC8C8F1-1253-4D76-B776-E80775EC1B4E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4B4DBFA-02EE-4D98-9161-0DF4EE6ABDB7}\ not found.
HKU\S-1-5-21-3256582083-1008837156-380773153-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3256582083-1008837156-380773153-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
c:\user.js moved successfully.
File\Folder C:\Program Files\PSPad Toolbar not found.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-2f26a2bc-n folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Hanna\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Hanna\Downloads\Zylom-Installer_PflanzengegenZombies_DE(1).exe moved successfully.
C:\Users\Hanna\Downloads\Zylom-Installer_PflanzengegenZombies_DE.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: cge
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56519 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hanna
->Temp folder emptied: 96649941 bytes
->Temporary Internet Files folder emptied: 62866739 bytes
->FireFox cache emptied: 424815368 bytes
->Flash cache emptied: 209865 bytes
 
User: ***
->Temp folder emptied: 5964496 bytes
->Temporary Internet Files folder emptied: 5188435 bytes
->Java cache emptied: 35995 bytes
->FireFox cache emptied: 325051656 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 16877032 bytes
 
User: Harry
->Temp folder emptied: 210880 bytes
->Temporary Internet Files folder emptied: 219540 bytes
 
User: IUSR_NMPR
->Temp folder emptied: 1268 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: konto
->Temp folder emptied: 32507 bytes
->Temporary Internet Files folder emptied: 64024156 bytes
->Flash cache emptied: 932 bytes
 
User: Konto.+++
->Temp folder emptied: 32507 bytes
->Temporary Internet Files folder emptied: 72475294 bytes
->Flash cache emptied: 1035 bytes
 
User: konto.+++.000
->Temp folder emptied: 32507 bytes
->Temporary Internet Files folder emptied: 34670799 bytes
->Flash cache emptied: 965 bytes
 
User: konto.+++.001
->Temp folder emptied: 32507 bytes
->Temporary Internet Files folder emptied: 48357023 bytes
->Flash cache emptied: 782 bytes
 
User: konto.+++.002
->Temp folder emptied: 32715 bytes
->Temporary Internet Files folder emptied: 132582289 bytes
->Java cache emptied: 218945 bytes
->Flash cache emptied: 882 bytes
 
User: konto.+++.003
->Temp folder emptied: 32505 bytes
->Temporary Internet Files folder emptied: 58334232 bytes
->Flash cache emptied: 978 bytes
 
User: konto.+++.004
->Temp folder emptied: 32675 bytes
->Temporary Internet Files folder emptied: 47618515 bytes
->Flash cache emptied: 882 bytes
 
User: konto.+++.005
->Temp folder emptied: 32764 bytes
->Temporary Internet Files folder emptied: 184293177 bytes
->Flash cache emptied: 882 bytes
 
User: konto.+++.006
->Temp folder emptied: 32767 bytes
->Temporary Internet Files folder emptied: 116664405 bytes
->Flash cache emptied: 882 bytes
 
User: Lupita
->Temp folder emptied: 32284 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: Sandra
->Temp folder emptied: 32504 bytes
->Temporary Internet Files folder emptied: 6203361 bytes
->Flash cache emptied: 933 bytes
 
User: Sandra.+++
->Temp folder emptied: 32507 bytes
->Temporary Internet Files folder emptied: 109675319 bytes
->Flash cache emptied: 1119 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56507 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4025804 bytes
RecycleBin emptied: 20981789 bytes
 
Total Files Cleaned = 1.754,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: cge
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Hanna
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Harry
 
User: IUSR_NMPR
 
User: konto
->Flash cache emptied: 0 bytes
 
User: Konto.+++
->Flash cache emptied: 0 bytes
 
User: konto.+++.000
->Flash cache emptied: 0 bytes
 
User: konto.+++.001
->Flash cache emptied: 0 bytes
 
User: konto.+++.002
->Flash cache emptied: 0 bytes
 
User: konto.+++.003
->Flash cache emptied: 0 bytes
 
User: konto.+++.004
->Flash cache emptied: 0 bytes
 
User: konto.+++.005
->Flash cache emptied: 0 bytes
 
User: konto.+++.006
->Flash cache emptied: 0 bytes
 
User: Lupita
 
User: Public
 
User: Sandra
->Flash cache emptied: 0 bytes
 
User: Sandra.+++
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 08052012_121155

Files\Folders moved on Reboot...
C:\Windows\temp\JET77DD.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Windows\temp\JET77DD.tmp not found!

Registry entries deleted on Reboot...
         

05.08.2012, 15:47   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and set the checkmarks as shown in the following screenshot.
Then click "Start Scan", and when it has finished click the "Report" button to display the log. Please post it in full.
If you can't find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags
