
Pests of all kinds and how to fight them: Delete viruses yourself, without reinstalling?


11.10.2012, 13:55   #31
Kudoka
 



adwcleaner scan:

Code:
# AdwCleaner v2.004 - Datei am 11/10/2012 um 14:53:48 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : steffi - STEFFI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\steffi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Toni.steffi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jvvk4s8h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.29] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gefunden [l.32] : keyword = "isearch.avg.com",
Gefunden [l.35] : search_url = "hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}",

Datei : C:\Users\Toni.steffi-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]
Gefunden [l.1490] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.1931] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [58517 octets] - [09/10/2012 16:26:43]
AdwCleaner[R2].txt - [58578 octets] - [09/10/2012 17:28:29]
AdwCleaner[S1].txt - [53590 octets] - [09/10/2012 17:28:48]
AdwCleaner[R3].txt - [6699 octets] - [09/10/2012 17:35:29]
AdwCleaner[S2].txt - [7498 octets] - [09/10/2012 18:05:04]
AdwCleaner[S3].txt - [7074 octets] - [09/10/2012 22:58:46]
AdwCleaner[R4].txt - [2479 octets] - [10/10/2012 15:37:22]
AdwCleaner[S4].txt - [2541 octets] - [10/10/2012 16:27:43]
AdwCleaner[R5].txt - [2866 octets] - [11/10/2012 14:53:48]

########## EOF - C:\AdwCleaner[R5].txt - [2926 octets] ##########
         
Could it be because I have two user profiles on the PC (both administrators), or does that not matter?

Here is the next log in the meantime

Code:
# AdwCleaner v2.004 - Datei am 11/10/2012 um 15:09:56 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : steffi - STEFFI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\steffi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Toni.steffi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jvvk4s8h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.29] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gelöscht [l.32] : keyword = "isearch.avg.com",
Gelöscht [l.35] : search_url = "hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}",

Datei : C:\Users\Toni.steffi-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]
Gelöscht [l.1490] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.1931] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [58517 octets] - [09/10/2012 16:26:43]
AdwCleaner[R2].txt - [58578 octets] - [09/10/2012 17:28:29]
AdwCleaner[S1].txt - [53590 octets] - [09/10/2012 17:28:48]
AdwCleaner[R3].txt - [6699 octets] - [09/10/2012 17:35:29]
AdwCleaner[S2].txt - [7498 octets] - [09/10/2012 18:05:04]
AdwCleaner[S3].txt - [7074 octets] - [09/10/2012 22:58:46]
AdwCleaner[R4].txt - [2479 octets] - [10/10/2012 15:37:22]
AdwCleaner[S4].txt - [2541 octets] - [10/10/2012 16:27:43]
AdwCleaner[R5].txt - [2995 octets] - [11/10/2012 14:53:48]
AdwCleaner[S5].txt - [2928 octets] - [11/10/2012 15:09:56]

########## EOF - C:\AdwCleaner[S5].txt - [2988 octets] ##########
         
So in normal Windows still nothing works :/
This FastScan that opens right at startup also hangs

Somehow adwcleaner doesn't want to delete everything, does it?

Edited by Kudoka (11.10.2012 at 14:34)

11.10.2012, 15:22   #32
cosinus



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the checkbox at the top center for Scan All Users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

11.10.2012, 15:53   #33
Kudoka
 



And now only positive things, please

Code:
OTL logfile created on: 11.10.2012 16:34:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,09% Memory free
7,78 Gb Paging File | 7,17 Gb Available in Paging File | 92,18% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 317,39 Gb Free Space | 69,22% Space Free | Partition Type: NTFS
Drive D: | 458,36 Gb Total Space | 435,95 Gb Free Space | 95,11% Space Free | Partition Type: NTFS
 
Computer Name: STEFFI-PC | User Name: steffi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.11 16:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.10.03 11:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 19:29:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 17:45:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.06 21:35:21 | 000,419,624 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.07 10:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.10.22 15:18:54 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.03 18:04:33 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2009.11.16 18:33:38 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.09 15:41:27 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.09 15:41:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.04.30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008.10.03 12:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.04.28 11:02:40 | 000,055,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.03.04 23:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.03.04 23:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.03.04 23:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2006.10.04 12:45:16 | 000,015,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121005&user_guid=2B3D7D2912C94F4CA55A4EB5BC69E6F9&machine_id=1c328ee4814ba59e782a381e88a3d99c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3
FF - prefs.js..extensions.enabledAddons: crossriderapp498@crossrider.com:0.76.37
FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.9.0.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1630
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer:  File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 15:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.05 05:59:55 | 000,000,000 | ---D | M]
 
[2012.03.12 19:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.10.10 13:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Firefox\Profiles\dqxh7hlm.default\extensions
[2012.06.06 17:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.26 19:39:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.11 12:53:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.10 21:01:08 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files (x86)\mozilla firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2012.07.18 17:45:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.04 21:03:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.12.17 19:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2009.10.26 17:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: ICQ Sparberater = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart File not found
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Advanced System Protector_startup] C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] "C:\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui File not found
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [Facebook Update] C:\Users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\RunOnce: [Report] C:\AdwCleaner[S7].txt ()
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = C:\Program Files (x86)\DeskSpace\deskspace.exe (Otaku Software Pty Ltd)
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB39830-1911-45D8-83E2-795119A08CEF}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA40AB2-C23D-4F2C-8C16-5477E99BC32E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell - "" = AutoRun
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{964a39fd-ce12-11df-b4e5-00a0c6000000}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: EPSON SX110 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFBE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1FDBD6E0-7797-D354-5251-32691B77CF32} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {46710DA1-22E5-477D-F7C0-D4D6690A81FF} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 16:33:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.10 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner (2)
[2012.10.10 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner
[2012.10.10 13:16:37 | 000,000,000 | ---D | C] -- C:\Users\steffi\Documents\Simply Super Software
[2012.10.08 23:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.08 23:41:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.10.08 01:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.10.08 01:09:07 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.10.07 22:19:28 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Local\Systweak
[2012.10.07 21:41:08 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Systweak
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 20:53:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.07 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.10.07 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012.10.07 20:17:41 | 000,017,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.10.07 20:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.10.07 20:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.10.07 19:33:09 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 03:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012.10.07 02:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012.10.05 14:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.05 14:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.05 14:25:17 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.05 14:25:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.05 14:25:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.05 14:25:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.05 14:25:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.05 14:25:10 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.05 14:25:10 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.05 14:25:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.05 14:25:09 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.05 14:25:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.05 14:25:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.05 14:25:03 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.05 14:25:03 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.05 14:25:00 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.05 14:24:59 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.05 14:24:58 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.05 14:24:58 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.05 14:24:57 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.05 14:24:56 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.10.05 14:24:56 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.05 14:24:55 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.05 14:24:54 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.05 14:24:54 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.10.05 14:24:53 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.05 14:24:53 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.05 14:24:53 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.05 14:24:41 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.05 14:24:40 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.05 14:24:40 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.05 14:24:40 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.05 14:24:39 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.05 14:24:39 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.05 14:24:38 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.05 14:24:38 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.05 14:24:37 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.05 14:24:37 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.05 14:24:37 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.05 14:24:36 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.05 14:24:36 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.05 14:24:36 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.05 14:24:36 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.05 14:24:35 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.05 14:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.05 14:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.05 13:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2012.10.05 13:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.10.05 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.10.05 13:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.10.05 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.10.05 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.10.04 23:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.04 21:48:28 | 000,000,000 | ---D | C] -- C:\Herr der Ringe Online
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 16:33:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.11 16:32:16 | 000,000,120 | ---- | M] () -- C:\Users\steffi\Desktop\Download.html
[2012.10.11 16:31:58 | 000,048,925 | ---- | M] () -- C:\Users\steffi\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.10.11 16:29:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 16:26:04 | 000,000,853 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.10.11 16:24:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 16:24:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 14:53:19 | 000,538,327 | ---- | M] () -- C:\Users\steffi\Desktop\adwcleaner.exe
[2012.10.08 23:41:56 | 002,322,184 | ---- | M] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:20 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 15:33:41 | 000,036,864 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012.10.08 00:19:27 | 000,001,480 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.08 00:16:08 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 23:13:27 | 000,093,184 | ---- | M] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.07 20:18:31 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:17:40 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 19:12:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:39:20 | 000,385,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.07 17:36:53 | 000,011,543 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.10.04 21:29:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 16:22:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.09.21 12:05:36 | 000,017,080 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.11 16:32:16 | 000,000,120 | ---- | C] () -- C:\Users\steffi\Desktop\Download.html
[2012.10.11 16:31:52 | 000,048,925 | ---- | C] () -- C:\Users\steffi\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.10.11 16:19:41 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
[2012.10.11 16:19:41 | 000,001,731 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.11 16:19:41 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2012.10.11 16:08:11 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2012.10.11 16:08:11 | 000,001,075 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.10.11 14:53:18 | 000,538,327 | ---- | C] () -- C:\Users\steffi\Desktop\adwcleaner.exe
[2012.10.08 16:30:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 01:09:07 | 000,185,616 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
[2012.10.08 01:09:07 | 000,169,744 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.10.08 01:09:07 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.10.08 01:09:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.10.08 01:09:07 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 20:30:04 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.07 20:18:31 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:18:30 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012.10.07 20:17:40 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 17:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:38:51 | 000,385,064 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 14:25:03 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.05 13:34:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 11:13:28 | 000,000,853 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.09.25 15:31:45 | 000,001,077 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
[2012.09.05 16:50:30 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.08.27 20:56:42 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2012.08.27 20:56:41 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.27 20:56:41 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.28 15:23:56 | 000,027,520 | ---- | C] () -- C:\Users\steffi\AppData\Local\dt.dat
[2012.07.28 15:23:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.06.07 18:17:21 | 000,001,103 | ---- | C] () -- C:\Users\steffi\pics.lnk
[2012.05.17 08:09:55 | 000,000,552 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d8caps.dat
[2012.05.17 08:09:31 | 000,001,356 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps.dat
[2012.05.17 08:08:08 | 000,000,732 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps64.dat
[2012.04.21 13:28:57 | 000,022,528 | -H-- | C] () -- C:\Users\steffi\photothumb.db
[2012.04.21 12:41:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.04.21 12:41:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.04.21 12:40:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.13 11:59:21 | 000,270,093 | ---- | C] () -- C:\Users\steffi\oma herz11.jpg
[2012.04.13 11:58:40 | 000,264,609 | ---- | C] () -- C:\Users\steffi\oma herz.jpg
[2012.04.13 11:50:10 | 000,309,321 | ---- | C] () -- C:\Users\steffi\deika herz.jpg
[2012.04.13 11:32:41 | 000,171,175 | ---- | C] () -- C:\Users\steffi\toni herz.jpg
[2012.04.12 12:23:28 | 000,001,576 | ---- | C] () -- C:\Users\steffi\.recently-used.xbel
[2011.12.02 11:54:53 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{D1532B29-5D6C-4A65-BAB1-6C28BE6FAE54}
[2011.08.30 17:24:51 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{34E27691-0E84-4939-8086-6529212AF7AB}
[2011.07.12 00:04:20 | 000,032,479 | ---- | C] () -- C:\Users\steffi\ahja.rtf
[2011.01.13 12:51:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.20 15:29:24 | 000,009,728 | ---- | C] () -- C:\Users\steffi\schlecker.wps
[2010.12.20 14:19:44 | 000,004,138 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\wklnhst.dat
[2009.12.13 11:32:31 | 000,000,231 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\mb3settings.xml
[2009.12.13 11:32:23 | 000,131,200 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.dds
[2009.12.13 11:32:23 | 000,004,096 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.crd
[2009.09.05 12:56:35 | 000,000,094 | ---- | C] () -- C:\Users\steffi\AppData\Local\fusioncache.dat
[2009.06.26 22:16:40 | 000,093,184 | ---- | C] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Acer GameZone Console
[2011.11.15 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\LG Electronics
[2011.08.27 14:04:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console
[2011.08.27 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Acer GameZone Console
[2012.10.04 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\AVG2012
[2012.10.04 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\PCPowerSpeed
[2012.10.08 01:09:11 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Simply Super Software
[2012.10.07 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Systweak
[2011.12.01 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2011.05.22 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Adobe
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2011.09.19 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Apple Computer
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ATI
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009.08.11 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\CyberLink
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.01.11 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DivX
[2011.08.19 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\dvdcss
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2010.09.14 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FLEXnet
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Google
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Identities
[2010.08.06 07:31:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InstallShield
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Macromedia
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.10.08 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Media Center Programs
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.08.28 08:32:40 | 000,000,000 | --SD | M] -- C:\Users\steffi\AppData\Roaming\Microsoft
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mozilla
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2009.06.28 13:11:01 | 000,000,000 | RH-D | M] -- C:\Users\steffi\AppData\Roaming\SecuROM
[2012.01.31 13:42:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Skype
[2011.05.29 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\skypePM
[2010.12.15 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\SunRay Games
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2009.09.20 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\teamspeak2
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2009.06.30 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\vlc
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2011.04.25 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\WinRAR
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2011.12.17 01:28:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.03 12:12:22 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.01.11 16:54:35 | 000,010,134 | R--- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.10.22 15:18:54 | 000,106,496 | ---- | M] (OCS) -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.10.22 15:18:54 | 000,040,960 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 20:02:48 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 01:12:14 | 000,000,450 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for steffi.job
[2011.11.10 23:12:05 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000Core.job
[2011.11.10 23:12:05 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.05.25 07:02:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro.job
 
========== Alternate Data Streams ==========
 

< End of report >
         
__________________

11.10.2012, 16:11   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That stuff is still in there.
Please first run adwCleaner as administrator via right-click and do a new scan.
__________________
Please always post log files in CODE tags

11.10.2012, 16:13   #35
Kudoka
 

Code:
# AdwCleaner v2.004 - Datei am 11/10/2012 um 17:12:25 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : steffi - STEFFI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\steffi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Toni.steffi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jvvk4s8h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.29] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gefunden [l.32] : keyword = "isearch.avg.com",
Gefunden [l.35] : search_url = "hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}",

Datei : C:\Users\Toni.steffi-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]
Gefunden [l.1490] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gefunden [l.1931] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [58517 octets] - [09/10/2012 16:26:43]
AdwCleaner[R2].txt - [58578 octets] - [09/10/2012 17:28:29]
AdwCleaner[S1].txt - [53590 octets] - [09/10/2012 17:28:48]
AdwCleaner[R3].txt - [6699 octets] - [09/10/2012 17:35:29]
AdwCleaner[S2].txt - [7498 octets] - [09/10/2012 18:05:04]
AdwCleaner[S3].txt - [7074 octets] - [09/10/2012 22:58:46]
AdwCleaner[R4].txt - [2479 octets] - [10/10/2012 15:37:22]
AdwCleaner[S4].txt - [2541 octets] - [10/10/2012 16:27:43]
AdwCleaner[R5].txt - [2995 octets] - [11/10/2012 14:53:48]
AdwCleaner[S5].txt - [3057 octets] - [11/10/2012 15:09:56]
AdwCleaner[R6].txt - [2693 octets] - [11/10/2012 16:11:04]
AdwCleaner[S6].txt - [2755 octets] - [11/10/2012 16:11:31]
AdwCleaner[R7].txt - [2786 octets] - [11/10/2012 16:22:14]
AdwCleaner[S7].txt - [2848 octets] - [11/10/2012 16:22:48]
AdwCleaner[R8].txt - [3226 octets] - [11/10/2012 17:12:25]

########## EOF - C:\AdwCleaner[R8].txt - [3286 octets] ##########
         
Deletion follows...

Code:
# AdwCleaner v2.004 - Datei am 11/10/2012 um 17:13:45 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : steffi - STEFFI-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\steffi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A81A974F-8A22-43E6-9243-5198FF758DA1}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\steffi\AppData\Roaming\Mozilla\Firefox\Profiles\dqxh7hlm.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Toni.steffi-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jvvk4s8h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.29] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Gelöscht [l.32] : keyword = "isearch.avg.com",
Gelöscht [l.35] : search_url = "hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}",

Datei : C:\Users\Toni.steffi-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]
Gelöscht [l.1490] : homepage = "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48",
Gelöscht [l.1931] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3242337&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [58517 octets] - [09/10/2012 16:26:43]
AdwCleaner[R2].txt - [58578 octets] - [09/10/2012 17:28:29]
AdwCleaner[S1].txt - [53590 octets] - [09/10/2012 17:28:48]
AdwCleaner[R3].txt - [6699 octets] - [09/10/2012 17:35:29]
AdwCleaner[S2].txt - [7498 octets] - [09/10/2012 18:05:04]
AdwCleaner[S3].txt - [7074 octets] - [09/10/2012 22:58:46]
AdwCleaner[R4].txt - [2479 octets] - [10/10/2012 15:37:22]
AdwCleaner[S4].txt - [2541 octets] - [10/10/2012 16:27:43]
AdwCleaner[R5].txt - [2995 octets] - [11/10/2012 14:53:48]
AdwCleaner[S5].txt - [3057 octets] - [11/10/2012 15:09:56]
AdwCleaner[R6].txt - [2693 octets] - [11/10/2012 16:11:04]
AdwCleaner[S6].txt - [2755 octets] - [11/10/2012 16:11:31]
AdwCleaner[R7].txt - [2786 octets] - [11/10/2012 16:22:14]
AdwCleaner[S7].txt - [2848 octets] - [11/10/2012 16:22:48]
AdwCleaner[R8].txt - [3355 octets] - [11/10/2012 17:12:25]
AdwCleaner[R9].txt - [3415 octets] - [11/10/2012 17:13:38]
AdwCleaner[S9].txt - [3348 octets] - [11/10/2012 17:13:45]

########## EOF - C:\AdwCleaner[S9].txt - [3408 octets] ##########
         


11.10.2012, 21:18   #36
Kudoka
 



Here is the new OTL log in the meantime:

Code:
OTL logfile created on: 11.10.2012 21:56:54 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steffi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,32 Gb Available Physical Memory | 83,14% Memory free
7,78 Gb Paging File | 7,24 Gb Available in Paging File | 93,04% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 317,42 Gb Free Space | 69,23% Space Free | Partition Type: NTFS
Drive D: | 458,36 Gb Total Space | 435,95 Gb Free Space | 95,11% Space Free | Partition Type: NTFS
 
Computer Name: STEFFI-PC | User Name: steffi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.11 21:56:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.10.03 11:38:46 | 000,908,800 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 19:29:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.18 17:45:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.06 21:35:21 | 000,419,624 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.07 10:13:24 | 000,235,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.10.22 15:18:54 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.03 18:04:33 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2009.11.16 18:33:38 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.09 15:41:27 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.09 15:41:27 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.04.30 23:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.04.08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008.10.03 12:30:42 | 004,766,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.04.28 11:02:40 | 000,055,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.03.04 23:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.03.04 23:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.03.04 23:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2006.10.04 12:45:16 | 000,015,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0609&m=aspire_m5641
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - No CLSID value found
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121005&user_guid=2B3D7D2912C94F4CA55A4EB5BC69E6F9&machine_id=1c328ee4814ba59e782a381e88a3d99c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3
FF - prefs.js..extensions.enabledAddons: crossriderapp498@crossrider.com:0.76.37
FF - prefs.js..extensions.enabledAddons: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.9.0.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1630
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer:  File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.07 15:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.05 05:59:55 | 000,000,000 | ---D | M]
 
[2012.03.12 19:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.10.10 13:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steffi\AppData\Roaming\mozilla\Firefox\Profiles\dqxh7hlm.default\extensions
[2012.06.06 17:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.26 19:39:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.11 12:53:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.10 21:01:08 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files (x86)\mozilla firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2012.07.18 17:45:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.04 21:03:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007.12.17 19:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2009.10.26 17:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={029485F2-E295-4E9F-A785-1CE3831CF7A5}&mid=556c5a20f1c047d08294d16d67eba791-1050c23cce511874963b29345d9603b65ab919da&lang=de&ds=AVG&pr=pr&d=2012-07-07 15:04:04&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\steffi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: ICQ Sparberater = C:\Users\steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart File not found
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Advanced System Protector_startup] C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] "C:\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui File not found
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [Facebook Update] C:\Users\steffi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\RunOnce: [Report] C:\AdwCleaner[S9].txt ()
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = C:\Program Files (x86)\DeskSpace\deskspace.exe (Otaku Software Pty Ltd)
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB39830-1911-45D8-83E2-795119A08CEF}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CA40AB2-C23D-4F2C-8C16-5477E99BC32E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell - "" = AutoRun
O33 - MountPoints2\{35d09530-bfe8-11df-806d-0024210f4e62}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{964a39fd-ce12-11df-b4e5-00a0c6000000}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2ea522a-5055-11de-8290-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: EPSON SX110 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFBE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1FDBD6E0-7797-D354-5251-32691B77CF32} - Themes Setup
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {46710DA1-22E5-477D-F7C0-D4D6690A81FF} - Java (Sun)
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 21:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.10 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner (2)
[2012.10.10 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\steffi\Desktop\Neuer Ordner
[2012.10.10 13:16:37 | 000,000,000 | ---D | C] -- C:\Users\steffi\Documents\Simply Super Software
[2012.10.08 23:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.08 23:41:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.10.08 01:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.10.08 01:09:07 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.10.08 01:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.10.07 22:19:28 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Local\Systweak
[2012.10.07 21:41:08 | 000,000,000 | ---D | C] -- C:\Users\steffi\AppData\Roaming\Systweak
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 20:53:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.07 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012.10.07 20:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012.10.07 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012.10.07 20:17:41 | 000,017,080 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.10.07 20:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012.10.07 20:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012.10.07 19:33:09 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 03:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012.10.07 02:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012.10.05 14:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.05 14:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.05 14:25:17 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.05 14:25:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.05 14:25:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.05 14:25:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.05 14:25:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.05 14:25:10 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.05 14:25:10 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.05 14:25:10 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.05 14:25:09 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.05 14:25:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.05 14:25:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.05 14:25:03 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.05 14:25:03 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.05 14:25:02 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.05 14:25:00 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.05 14:24:59 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.05 14:24:58 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.05 14:24:58 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.05 14:24:57 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.05 14:24:56 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.10.05 14:24:56 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.05 14:24:55 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.05 14:24:54 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.05 14:24:54 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.10.05 14:24:53 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.05 14:24:53 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.05 14:24:53 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.05 14:24:41 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.05 14:24:40 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.05 14:24:40 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.05 14:24:40 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.05 14:24:39 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.05 14:24:39 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.05 14:24:38 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.05 14:24:38 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.05 14:24:37 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.05 14:24:37 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.05 14:24:37 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.05 14:24:36 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.05 14:24:36 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.05 14:24:36 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.05 14:24:36 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.05 14:24:35 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.05 14:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.05 14:18:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.05 13:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2012.10.05 13:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.10.05 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.10.05 13:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.10.05 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.10.05 13:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012.10.04 23:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.04 21:48:28 | 000,000,000 | ---D | C] -- C:\Herr der Ringe Online
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 21:56:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\steffi\Desktop\OTL.exe
[2012.10.11 21:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 21:07:44 | 000,000,853 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.10.11 21:06:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 21:06:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 16:32:16 | 000,000,120 | ---- | M] () -- C:\Users\steffi\Desktop\Download.html
[2012.10.08 23:41:56 | 002,322,184 | ---- | M] (ESET) -- C:\Users\steffi\Desktop\esetsmartinstaller_enu (1).exe
[2012.10.08 17:05:20 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 15:33:41 | 000,036,864 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012.10.08 00:19:27 | 000,001,480 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.08 00:16:08 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 23:13:27 | 000,093,184 | ---- | M] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.07 20:18:31 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:17:40 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 19:33:09 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.10.07 19:12:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:39:20 | 000,385,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.07 17:36:53 | 000,011,543 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.10.04 21:29:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 16:22:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.09.21 12:05:36 | 000,017,080 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.11 16:32:16 | 000,000,120 | ---- | C] () -- C:\Users\steffi\Desktop\Download.html
[2012.10.11 16:19:41 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
[2012.10.11 16:19:41 | 000,001,731 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.11 16:19:41 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2012.10.11 16:08:11 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2012.10.11 16:08:11 | 000,001,075 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.10.08 16:30:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 01:09:07 | 000,185,616 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
[2012.10.08 01:09:07 | 000,169,744 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.10.08 01:09:07 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.10.08 01:09:07 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.10.08 01:09:07 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\RegClean Pro.job
[2012.10.07 20:30:04 | 000,001,480 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2012.10.07 20:18:31 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012.10.07 20:18:30 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012.10.07 20:17:40 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012.10.07 17:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.07 17:38:51 | 000,385,064 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 14:25:03 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.05 13:34:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.04 11:13:28 | 000,000,853 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
[2012.09.25 15:31:45 | 000,001,077 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
[2012.09.05 16:50:30 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.08.27 20:56:42 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2012.08.27 20:56:41 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.27 20:56:41 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.28 15:23:56 | 000,027,520 | ---- | C] () -- C:\Users\steffi\AppData\Local\dt.dat
[2012.07.28 15:23:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.06.07 18:17:21 | 000,001,103 | ---- | C] () -- C:\Users\steffi\pics.lnk
[2012.05.17 08:09:55 | 000,000,552 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d8caps.dat
[2012.05.17 08:09:31 | 000,001,356 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps.dat
[2012.05.17 08:08:08 | 000,000,732 | ---- | C] () -- C:\Users\steffi\AppData\Local\d3d9caps64.dat
[2012.04.21 13:28:57 | 000,022,528 | -H-- | C] () -- C:\Users\steffi\photothumb.db
[2012.04.21 12:41:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.04.21 12:41:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.04.21 12:40:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.13 11:59:21 | 000,270,093 | ---- | C] () -- C:\Users\steffi\oma herz11.jpg
[2012.04.13 11:58:40 | 000,264,609 | ---- | C] () -- C:\Users\steffi\oma herz.jpg
[2012.04.13 11:50:10 | 000,309,321 | ---- | C] () -- C:\Users\steffi\deika herz.jpg
[2012.04.13 11:32:41 | 000,171,175 | ---- | C] () -- C:\Users\steffi\toni herz.jpg
[2012.04.12 12:23:28 | 000,001,576 | ---- | C] () -- C:\Users\steffi\.recently-used.xbel
[2011.12.02 11:54:53 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{D1532B29-5D6C-4A65-BAB1-6C28BE6FAE54}
[2011.08.30 17:24:51 | 000,000,000 | ---- | C] () -- C:\Users\steffi\AppData\Local\{34E27691-0E84-4939-8086-6529212AF7AB}
[2011.07.12 00:04:20 | 000,032,479 | ---- | C] () -- C:\Users\steffi\ahja.rtf
[2011.01.13 12:51:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.20 15:29:24 | 000,009,728 | ---- | C] () -- C:\Users\steffi\schlecker.wps
[2010.12.20 14:19:44 | 000,004,138 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\wklnhst.dat
[2009.12.13 11:32:31 | 000,000,231 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\mb3settings.xml
[2009.12.13 11:32:23 | 000,131,200 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.dds
[2009.12.13 11:32:23 | 000,004,096 | ---- | C] () -- C:\Users\steffi\AppData\Roaming\Tahoma_12.crd
[2009.09.05 12:56:35 | 000,000,094 | ---- | C] () -- C:\Users\steffi\AppData\Local\fusioncache.dat
[2009.06.26 22:16:40 | 000,093,184 | ---- | C] () -- C:\Users\steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Acer GameZone Console
[2011.11.15 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\LG Electronics
[2011.08.27 14:04:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console
[2011.08.27 14:07:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Acer GameZone Console
[2012.10.04 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\AVG2012
[2012.10.04 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\PCPowerSpeed
[2012.10.08 01:09:11 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Simply Super Software
[2012.10.07 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Systweak
[2011.12.01 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Toni.steffi-PC\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.28 00:07:56 | 000,000,000 | -HSD | M] -- C:\Users\steffi\AppData\Roaming\.#
[2012.05.27 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\.minecraft
[2012.07.19 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\4 Friends Games
[2008.08.12 23:59:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Acer GameZone Console
[2011.05.22 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Adobe
[2012.06.18 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AlawarEntertainment
[2011.11.22 02:43:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AnvSoft
[2011.09.19 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Apple Computer
[2012.07.02 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Artogon
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ATI
[2012.07.07 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\AVG2012
[2012.07.03 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Big Fish Games
[2011.03.15 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\BlamGames
[2012.07.02 08:21:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Blue Tea Games
[2012.07.18 18:28:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Boomzap
[2011.07.31 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Canneverbe Limited
[2011.01.11 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\cerasus.media
[2012.07.03 19:31:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ChaYoWo Games
[2009.11.17 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ClubCooee
[2011.11.25 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2009.08.11 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\CyberLink
[2011.01.18 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DarkParablesBriarRose_BFG_SE
[2011.05.22 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.01.11 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DivX
[2011.08.19 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\dvdcss
[2012.02.18 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoft
[2012.02.18 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.22 17:13:49 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\EleFun Games
[2012.07.04 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enki Games
[2012.07.04 11:03:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Enlightenus
[2012.07.02 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS G-Studio
[2012.06.19 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ERS Game Studios
[2009.06.27 13:00:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\eSobi
[2010.12.16 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Fighters
[2010.09.14 12:21:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FLEXnet
[2012.01.31 13:45:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Flood Light Games
[2009.06.27 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\FloodLightGames
[2012.07.19 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Friday's games
[2012.06.22 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Frogwares
[2009.06.27 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Gaijin Ent
[2011.07.26 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\go
[2009.08.18 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Google
[2012.04.12 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\gtk-2.0
[2012.03.09 11:00:52 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\ICQ Search
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Identities
[2010.08.06 07:31:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InstallShield
[2010.12.25 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\InterTrust
[2010.08.06 07:31:29 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\LG Electronics
[2009.09.14 13:15:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Little Games Company
[2012.06.22 16:30:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MA2
[2009.06.26 21:51:44 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Macromedia
[2009.12.13 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Magic Academy
[2012.10.08 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Malwarebytes
[2012.07.01 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mariaglorum
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Media Center Programs
[2009.12.05 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Meridian93
[2011.01.21 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Merscom
[2012.08.28 08:32:40 | 000,000,000 | --SD | M] -- C:\Users\steffi\AppData\Roaming\Microsoft
[2009.11.15 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mozilla
[2012.01.31 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\MyPlayCity
[2009.12.13 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Mysteryville2
[2011.03.22 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Namco
[2010.10.18 10:18:30 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OCS
[2011.08.03 15:55:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OpenOffice.org
[2010.10.18 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Opera
[2012.06.20 12:32:33 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Orneon
[2012.04.27 11:54:37 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\OtakuSoftware
[2012.10.04 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PCPowerSpeed
[2011.01.21 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Phantasmat_bf_ce1
[2011.12.05 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PhotoScape
[2011.01.19 15:13:08 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayFirst
[2010.12.15 13:37:40 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\PlayPond
[2011.03.24 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\QB9
[2011.09.03 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Red Alert 3
[2009.06.28 13:11:01 | 000,000,000 | RH-D | M] -- C:\Users\steffi\AppData\Roaming\SecuROM
[2012.01.31 13:42:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Skype
[2011.05.29 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\skypePM
[2010.12.15 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\SunRay Games
[2012.10.08 00:12:45 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Systweak
[2009.09.20 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\teamspeak2
[2010.12.20 14:19:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Template
[2011.03.15 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TikisLab
[2012.07.19 09:10:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Top Evidence
[2011.09.23 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TS3Client
[2012.04.13 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\TuneUp Software
[2009.09.05 13:03:20 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Turbine
[2010.07.28 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vivox
[2009.06.30 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\vlc
[2010.09.14 12:15:46 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Vodafone
[2009.06.27 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Wildlife Park 2
[2011.04.25 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\WinRAR
[2012.01.31 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\YoudaGames
[2011.01.19 16:18:56 | 000,000,000 | ---D | M] -- C:\Users\steffi\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2011.12.17 01:28:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.03 12:12:22 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\steffi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.01.11 16:54:35 | 000,010,134 | R--- | M] () -- C:\Users\steffi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.10.22 15:18:54 | 000,106,496 | ---- | M] (OCS) -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.10.22 15:18:54 | 000,040,960 | ---- | M] () -- C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 17:42:03 | 000,032,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 20:02:48 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 01:12:14 | 000,000,450 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for steffi.job
[2011.11.10 23:12:05 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000Core.job
[2011.11.10 23:12:05 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-611026035-4186560833-2948516132-1000UA.job
[2012.05.25 07:02:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.04 21:29:46 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cda2669cfd3f7f.job
[2012.10.07 20:42:09 | 000,000,314 | ---- | C] () -- C:\Windows\Tasks\RegClean Pro.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:B6DD2C7E
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2A874675
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:12383CAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D7D0B4AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CCB49694
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F2B5D9AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6499508E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5E9B629B

< End of report >
         
Somehow the same thing keeps coming up, even though AdwCleaner deleted everything :/

12.10.2012, 11:52   #37
cosinus

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startfenster.com
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121005&user_guid=2B3D7D2912C94F4CA55A4EB5BC69E6F9&machine_id=1c328ee4814ba59e782a381e88a3d99c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.1.100009
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q="
FF - user.js - File not found
[2010.07.26 19:39:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui File not found
O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:B6DD2C7E
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:53BA2DF6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2A874675
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:12383CAE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D7D0B4AF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CCB49694
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:834DD57E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9FD757A9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54E4B5A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6247E766
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2DF54B62
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:AABECEFB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5B4686D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E87AB4E3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F2B5D9AD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4A448DB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F68CB1A4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6499508E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6F0B6A5A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53B8C5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8B61305
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3086B95F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5E9B629B
:Files
C:\Program Files (x86)\ICQ6Toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
C:\Program Files (x86)\Advanced System Protector
C:\Program Files (x86)\StartNow Toolbar
C:\Users\steffi\AppData\Roaming\.#
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags

Edited by cosinus (12.10.2012 at 14:34)

12.10.2012, 11:58   #38
Kudoka

Now the fix file:

Code:
All processes killed
Error: Unable to interpret <SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)> in the current context!
Error: Unable to interpret <IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.startfenster.com> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20121005&user_guid=2B3D7D2912C94F4CA55A4EB5BC69E6F9&machine_id=1c328ee4814ba59e782a381e88a3d99c&browser=IE&os=win&os_version=6.0-x64-SP2&iesrc={referrer:source}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-611026035-4186560833-2948516132-1000\..\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3d3730cd-9ecf-4358-999d-f026de8ee46f&pid=icqt&mode=bounce&k=0> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultthis.engineName: "Search"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.1> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.1.100009> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q="> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret <[2010.07.26 19:39:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Guard.Mail.ru.gui] "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-611026035-4186560833-2948516132-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn> in the current context!
========== FILES ==========
C:\Program Files (x86)\ICQ6Toolbar\1010181008 folder moved successfully.
C:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector folder moved successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter folder moved successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack folder moved successfully.
C:\Program Files (x86)\Advanced System Protector folder moved successfully.
C:\Program Files (x86)\StartNow Toolbar\Resources\skin folder moved successfully.
C:\Program Files (x86)\StartNow Toolbar\Resources\images folder moved successfully.
C:\Program Files (x86)\StartNow Toolbar\Resources folder moved successfully.
C:\Program Files (x86)\StartNow Toolbar folder moved successfully.
C:\Users\steffi\AppData\Roaming\.# folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\steffi\Desktop\cmd.bat deleted successfully.
C:\Users\steffi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 692037 bytes
->Temporary Internet Files folder emptied: 420864 bytes
->Flash cache emptied: 56543 bytes
 
User: Public
 
User: steffi
->Temp folder emptied: 228345356 bytes
->Temporary Internet Files folder emptied: 3538693 bytes
->Java cache emptied: 19232800 bytes
->FireFox cache emptied: 1097884554 bytes
->Google Chrome cache emptied: 9249919 bytes
->Flash cache emptied: 3156017 bytes
 
User: Toni
->Temp folder emptied: 34704 bytes
->Temporary Internet Files folder emptied: 53001 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56543 bytes
 
User: Toni.steffi-PC
->Temp folder emptied: 64646845 bytes
->Temporary Internet Files folder emptied: 5139060 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6171062 bytes
->Google Chrome cache emptied: 81475914 bytes
->Flash cache emptied: 56974 bytes
 
User: TONI~1~STE
->Temp folder emptied: 142905413 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27738344 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 58985636 bytes
RecycleBin emptied: 4326349 bytes
 
Total Files Cleaned = 1.673,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10122012_131501

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Edited by Kudoka (12.10.2012 at 12:32)

12.10.2012, 14:35   #39
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please repeat; somehow the first line of the fix script (:OTL) is missing - I have already corrected it in my last post.

12.10.2012, 14:55   #40
Kudoka

Code:
All processes killed
========== OTL ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
File C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-611026035-4186560833-2948516132-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0388404D-6072-4CEB-B521-8F090FEAEE57}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2560439D-506D-440A-9BD7-7274A8BC3F83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2560439D-506D-440A-9BD7-7274A8BC3F83}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{449E2B9E-8CDC-49FB-9FA8-C985E2466B28}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EFFCC8-61E7-4F82-B2A8-FD407206DD64}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A328C9FD-C6C9-4357-8A54-838AADD0855E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A328C9FD-C6C9-4357-8A54-838AADD0855E}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8C68D8B-50DB-45E5-9E06-A9351B54682E}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F334A448-2DA9-4FE2-9F31-C936A073821A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F334A448-2DA9-4FE2-9F31-C936A073821A}\ not found.
Registry key HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9B4B5FE-9EA3-43F2-8C4C-1B65E3685D35}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledAddons
Prefs.js: ffxtlbr@Facemoods.com:1.4.1 removed from extensions.enabledAddons
Prefs.js: toolbar@ask.com:3.14.1.100009 removed from extensions.enabledAddons
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU-ASK&o=102349&locale=de_DE&apn_uid=6371CA51-8EDD-4E6C-9BC0-9F343C807888&apn_ptnrs=Q6&apn_sauid=31A23868-0BFC-4A90-9B33-50027775E436&apn_dtid=YYYYYYYYDE&&q=" removed from keyword.URL
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}\ deleted successfully.
C:\Program Files (x86)\icq\Internet Explorer\icq.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Guard.Mail.ru.gui deleted successfully.
Registry value HKEY_USERS\S-1-5-21-611026035-4186560833-2948516132-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35d0955c-bfe8-11df-806d-00a0c6000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35d0955c-bfe8-11df-806d-00a0c6000000}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:5E9B629B deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\ICQ6Toolbar not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector not found.
File\Folder C:\Program Files (x86)\Advanced System Protector not found.
File\Folder C:\Program Files (x86)\StartNow Toolbar not found.
File\Folder C:\Users\steffi\AppData\Roaming\.# not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\steffi\Desktop\cmd.bat deleted successfully.
C:\Users\steffi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: steffi
->Temp folder emptied: 32300 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6358530 bytes
->Flash cache emptied: 343 bytes
 
User: Toni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Toni.steffi-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: TONI~1~STE
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 602112 bytes
 
Total Files Cleaned = 7,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10122012_155201
         
It definitely looks different from the other one

Alt 12.10.2012, 17:00   #41
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, that's right; my first fix script was wrong, after all

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

Alt 12.10.2012, 17:32   #42
Kudoka
 



Does that also work in safe mode?
Normal Windows still keeps freezing :/

Alt 12.10.2012, 19:11   #43
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, then use safe mode with network drivers

Alt 12.10.2012, 19:59   #44
Kudoka
 



It looks a bit different in the pictures...
Should I put all the findings into quarantine, or delete them all individually, and then click Continue? (After the scan)

Best regards

I hope I did everything right (I put the findings into quarantine and clicked Continue):

Code:
20:54:10.0390 1824  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:54:11.0684 1824  ============================================================
20:54:11.0684 1824  Current date / time: 2012/10/12 20:54:11.0684
20:54:11.0684 1824  SystemInfo:
20:54:11.0684 1824  
20:54:11.0684 1824  OS Version: 6.0.6002 ServicePack: 2.0
20:54:11.0684 1824  Product type: Workstation
20:54:11.0684 1824  ComputerName: STEFFI-PC
20:54:11.0684 1824  UserName: steffi
20:54:11.0684 1824  Windows directory: C:\Windows
20:54:11.0684 1824  System windows directory: C:\Windows
20:54:11.0684 1824  Running under WOW64
20:54:11.0684 1824  Processor architecture: Intel x64
20:54:11.0684 1824  Number of processors: 4
20:54:11.0684 1824  Page size: 0x1000
20:54:11.0684 1824  Boot type: Safe boot with network
20:54:11.0684 1824  ============================================================
20:54:12.0355 1824  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:54:12.0371 1824  ============================================================
20:54:12.0371 1824  \Device\Harddisk0\DR0:
20:54:12.0371 1824  MBR partitions:
20:54:12.0371 1824  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1D4B800, BlocksNum 0x39502800
20:54:12.0371 1824  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B24E000, BlocksNum 0x394B8000
20:54:12.0371 1824  ============================================================
20:54:12.0433 1824  C: <-> \Device\Harddisk0\DR0\Partition1
20:54:12.0464 1824  D: <-> \Device\Harddisk0\DR0\Partition2
20:54:12.0464 1824  ============================================================
20:54:12.0464 1824  Initialize success
20:54:12.0464 1824  ============================================================
20:57:46.0138 2012  ============================================================
20:57:46.0138 2012  Scan started
20:57:46.0138 2012  Mode: Manual; SigCheck; TDLFS; 
20:57:46.0138 2012  ============================================================
20:57:46.0372 2012  ================ Scan system memory ========================
20:57:46.0372 2012  System memory - ok
20:57:46.0372 2012  ================ Scan services =============================
20:57:46.0450 2012  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
20:57:46.0606 2012  Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning
20:57:46.0606 2012  Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1)
20:57:46.0637 2012  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
20:57:46.0684 2012  AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - warning
20:57:46.0684 2012  AcerMemUsageCheckService - detected UnsignedFile.Multi.Generic (1)
20:57:46.0777 2012  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:57:46.0793 2012  ACPI - ok
20:57:46.0871 2012  [ 6C40D5ED8951AB7B90D08AF655224EE4 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:57:46.0871 2012  AdobeFlashPlayerUpdateSvc - ok
20:57:46.0918 2012  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:57:46.0949 2012  adp94xx - ok
20:57:47.0027 2012  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:57:47.0042 2012  adpahci - ok
20:57:47.0074 2012  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:57:47.0074 2012  adpu160m - ok
20:57:47.0089 2012  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:57:47.0105 2012  adpu320 - ok
20:57:47.0120 2012  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:57:47.0167 2012  AeLookupSvc - ok
20:57:47.0198 2012  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
20:57:47.0245 2012  AFD - ok
20:57:47.0276 2012  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:57:47.0276 2012  agp440 - ok
20:57:47.0308 2012  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:57:47.0308 2012  aic78xx - ok
20:57:47.0323 2012  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
20:57:47.0386 2012  ALG - ok
20:57:47.0386 2012  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:57:47.0401 2012  aliide - ok
20:57:47.0417 2012  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
20:57:47.0432 2012  amdide - ok
20:57:47.0448 2012  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:57:47.0495 2012  AmdK8 - ok
20:57:47.0526 2012  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
20:57:47.0573 2012  Appinfo - ok
20:57:47.0651 2012  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:57:47.0666 2012  Apple Mobile Device - ok
20:57:47.0682 2012  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
20:57:47.0698 2012  arc - ok
20:57:47.0713 2012  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:57:47.0729 2012  arcsas - ok
20:57:47.0838 2012  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:57:47.0854 2012  aspnet_state - ok
20:57:47.0869 2012  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:57:47.0916 2012  AsyncMac - ok
20:57:47.0947 2012  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:57:47.0947 2012  atapi - ok
20:57:47.0994 2012  [ C5A7759E7F3321D59D10972BA5E7ABFA ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:57:48.0041 2012  Ati External Event Utility - ok
20:57:48.0056 2012  AtiDCM - ok
20:57:48.0134 2012  [ 38FA4DAEFCD8A5DB6B5C4DDE9E2D6EC6 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:57:48.0306 2012  atikmdag - ok
20:57:48.0337 2012  [ 4AEF9EC86818375495FB78CA58DF4E18 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
20:57:48.0353 2012  atksgt ( UnsignedFile.Multi.Generic ) - warning
20:57:48.0353 2012  atksgt - detected UnsignedFile.Multi.Generic (1)
20:57:48.0400 2012  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:57:48.0431 2012  AudioEndpointBuilder - ok
20:57:48.0446 2012  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:57:48.0478 2012  AudioSrv - ok
20:57:48.0602 2012  [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
20:57:48.0758 2012  AVGIDSAgent - ok
20:57:48.0790 2012  [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
20:57:48.0805 2012  AVGIDSHA - ok
20:57:48.0836 2012  [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
20:57:48.0852 2012  Avgtdia - ok
20:57:48.0868 2012  [ DE24B2CA078FC6A7EAA53B1DFD3F61CF ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
20:57:48.0883 2012  avgtp - ok
20:57:48.0914 2012  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:57:48.0930 2012  avgwd - ok
20:57:48.0946 2012  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
20:57:48.0992 2012  BFE - ok
20:57:49.0055 2012  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
20:57:49.0211 2012  BITS - ok
20:57:49.0258 2012  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:57:49.0289 2012  blbdrive - ok
20:57:49.0336 2012  [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:57:49.0351 2012  Bonjour Service - ok
20:57:49.0351 2012  Boonty Games - ok
20:57:49.0398 2012  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:57:49.0414 2012  bowser - ok
20:57:49.0429 2012  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:57:49.0460 2012  BrFiltLo - ok
20:57:49.0476 2012  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:57:49.0492 2012  BrFiltUp - ok
20:57:49.0554 2012  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
20:57:49.0616 2012  Browser - ok
20:57:49.0632 2012  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:57:49.0679 2012  Brserid - ok
20:57:49.0694 2012  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:57:49.0757 2012  BrSerWdm - ok
20:57:49.0772 2012  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:57:49.0819 2012  BrUsbMdm - ok
20:57:49.0835 2012  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:57:49.0882 2012  BrUsbSer - ok
20:57:49.0897 2012  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:57:49.0944 2012  BTHMODEM - ok
20:57:49.0960 2012  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:57:49.0991 2012  cdfs - ok
20:57:50.0006 2012  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:57:50.0038 2012  cdrom - ok
20:57:50.0069 2012  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:57:50.0100 2012  CertPropSvc - ok
20:57:50.0116 2012  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:57:50.0162 2012  circlass - ok
20:57:50.0194 2012  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
20:57:50.0209 2012  CLFS - ok
20:57:50.0272 2012  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:57:50.0287 2012  clr_optimization_v2.0.50727_32 - ok
20:57:50.0334 2012  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:57:50.0365 2012  clr_optimization_v2.0.50727_64 - ok
20:57:50.0428 2012  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:57:50.0490 2012  clr_optimization_v4.0.30319_32 - ok
20:57:50.0506 2012  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:57:50.0537 2012  clr_optimization_v4.0.30319_64 - ok
20:57:50.0568 2012  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:57:50.0584 2012  cmdide - ok
20:57:50.0599 2012  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:57:50.0615 2012  Compbatt - ok
20:57:50.0615 2012  COMSysApp - ok
20:57:50.0630 2012  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:57:50.0646 2012  crcdisk - ok
20:57:50.0677 2012  [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:57:50.0708 2012  CryptSvc - ok
20:57:50.0740 2012  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:57:50.0802 2012  DcomLaunch - ok
20:57:50.0818 2012  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:57:50.0849 2012  DfsC - ok
20:57:50.0927 2012  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
20:57:51.0020 2012  DFSR - ok
20:57:51.0052 2012  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:57:51.0083 2012  Dhcp - ok
20:57:51.0114 2012  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
20:57:51.0130 2012  disk - ok
20:57:51.0161 2012  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:57:51.0176 2012  Dnscache - ok
20:57:51.0192 2012  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:57:51.0223 2012  dot3svc - ok
20:57:51.0254 2012  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
20:57:51.0317 2012  DPS - ok
20:57:51.0332 2012  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:57:51.0395 2012  drmkaud - ok
20:57:51.0426 2012  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:57:51.0473 2012  DXGKrnl - ok
20:57:51.0504 2012  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
20:57:51.0551 2012  E1G60 - ok
20:57:51.0551 2012  EagleX64 - ok
20:57:51.0582 2012  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
20:57:51.0613 2012  EapHost - ok
20:57:51.0629 2012  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:57:51.0644 2012  Ecache - ok
20:57:51.0691 2012  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
20:57:51.0707 2012  eDataSecurity Service - ok
20:57:51.0769 2012  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:57:51.0785 2012  ehRecvr - ok
20:57:51.0800 2012  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
20:57:51.0816 2012  ehSched - ok
20:57:51.0832 2012  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
20:57:51.0863 2012  ehstart - ok
20:57:51.0878 2012  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:57:51.0894 2012  elxstor - ok
20:57:51.0956 2012  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:57:51.0988 2012  EMDMgmt - ok
20:57:52.0019 2012  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
20:57:52.0034 2012  eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
20:57:52.0034 2012  eRecoveryService - detected UnsignedFile.Multi.Generic (1)
20:57:52.0050 2012  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:57:52.0097 2012  ErrDev - ok
20:57:52.0128 2012  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
20:57:52.0159 2012  eSettingsService ( UnsignedFile.Multi.Generic ) - warning
20:57:52.0159 2012  eSettingsService - detected UnsignedFile.Multi.Generic (1)
20:57:52.0175 2012  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
20:57:52.0222 2012  EventSystem - ok
20:57:52.0253 2012  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:57:52.0268 2012  exfat - ok
20:57:52.0300 2012  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:57:52.0331 2012  fastfat - ok
20:57:52.0362 2012  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:57:52.0393 2012  fdc - ok
20:57:52.0409 2012  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
20:57:52.0440 2012  fdPHost - ok
20:57:52.0456 2012  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
20:57:52.0518 2012  FDResPub - ok
20:57:52.0534 2012  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:57:52.0549 2012  FileInfo - ok
20:57:52.0565 2012  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:57:52.0596 2012  Filetrace - ok
20:57:52.0596 2012  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:57:52.0627 2012  flpydisk - ok
20:57:52.0658 2012  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:57:52.0674 2012  FltMgr - ok
20:57:52.0721 2012  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
20:57:52.0768 2012  FontCache - ok
20:57:52.0830 2012  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:57:52.0830 2012  FontCache3.0.0.0 - ok
20:57:52.0892 2012  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:57:52.0908 2012  Fs_Rec - ok
20:57:52.0924 2012  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:57:52.0939 2012  gagp30kx - ok
20:57:52.0970 2012  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:57:53.0017 2012  gpsvc - ok
20:57:53.0048 2012  GPU-Z - ok
20:57:53.0095 2012  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:57:53.0111 2012  gupdate - ok
20:57:53.0111 2012  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:57:53.0126 2012  gupdatem - ok
20:57:53.0142 2012  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:57:53.0158 2012  gusvc - ok
20:57:53.0189 2012  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
20:57:53.0204 2012  hamachi - ok
20:57:53.0251 2012  [ 21D24138B736983F6E23823E092E9428 ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:57:53.0329 2012  Hamachi2Svc - ok
20:57:53.0376 2012  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:57:53.0392 2012  HdAudAddService - ok
20:57:53.0438 2012  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:57:53.0485 2012  HDAudBus - ok
20:57:53.0501 2012  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:57:53.0548 2012  HidBth - ok
20:57:53.0563 2012  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:57:53.0626 2012  HidIr - ok
20:57:53.0657 2012  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
20:57:53.0704 2012  hidserv - ok
20:57:53.0719 2012  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:57:53.0750 2012  HidUsb - ok
20:57:53.0782 2012  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:57:53.0813 2012  hkmsvc - ok
20:57:53.0828 2012  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:57:53.0828 2012  HpCISSs - ok
20:57:53.0860 2012  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:57:53.0891 2012  HTTP - ok
20:57:53.0906 2012  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:57:53.0906 2012  i2omp - ok
20:57:53.0953 2012  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:57:54.0000 2012  i8042prt - ok
20:57:54.0016 2012  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:57:54.0047 2012  iaStorV - ok
20:57:54.0078 2012  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:57:54.0109 2012  idsvc - ok
20:57:54.0125 2012  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:57:54.0140 2012  iirsp - ok
20:57:54.0187 2012  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
20:57:54.0250 2012  IKEEXT - ok
20:57:54.0265 2012  [ 91B61589BB2915E81D436EFE07548507 ] int15           C:\Acer\Empowering Technology\eRecovery\int15.sys
20:57:54.0281 2012  int15 - ok
20:57:54.0374 2012  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:57:54.0546 2012  IntcAzAudAddService - ok
20:57:54.0593 2012  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
20:57:54.0608 2012  intelide - ok
20:57:54.0624 2012  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:57:54.0655 2012  intelppm - ok
20:57:54.0671 2012  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:57:54.0733 2012  IPBusEnum - ok
20:57:54.0764 2012  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:57:54.0796 2012  IpFilterDriver - ok
20:57:54.0811 2012  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:57:54.0827 2012  iphlpsvc - ok
20:57:54.0827 2012  IpInIp - ok
20:57:54.0842 2012  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:57:54.0905 2012  IPMIDRV - ok
20:57:54.0936 2012  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:57:54.0998 2012  IPNAT - ok
20:57:55.0014 2012  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:57:55.0061 2012  IRENUM - ok
20:57:55.0076 2012  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:57:55.0092 2012  isapnp - ok
20:57:55.0123 2012  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:57:55.0123 2012  iScsiPrt - ok
20:57:55.0139 2012  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:57:55.0154 2012  iteatapi - ok
20:57:55.0170 2012  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:57:55.0170 2012  iteraid - ok
20:57:55.0186 2012  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:57:55.0201 2012  kbdclass - ok
20:57:55.0217 2012  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:57:55.0248 2012  kbdhid - ok
20:57:55.0279 2012  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
20:57:55.0295 2012  KeyIso - ok
20:57:55.0326 2012  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:57:55.0357 2012  KSecDD - ok
20:57:55.0373 2012  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:57:55.0420 2012  ksthunk - ok
20:57:55.0451 2012  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:57:55.0513 2012  KtmRm - ok
20:57:55.0529 2012  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:57:55.0576 2012  LanmanServer - ok
20:57:55.0607 2012  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:57:55.0638 2012  LanmanWorkstation - ok
20:57:55.0669 2012  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:57:55.0669 2012  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:57:55.0669 2012  LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:57:55.0700 2012  [ B658B7076B1ACAA5876524595630F183 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
20:57:55.0700 2012  lirsgt ( UnsignedFile.Multi.Generic ) - warning
20:57:55.0700 2012  lirsgt - detected UnsignedFile.Multi.Generic (1)
20:57:55.0716 2012  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:57:55.0763 2012  lltdio - ok
20:57:55.0794 2012  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:57:55.0841 2012  lltdsvc - ok
20:57:55.0856 2012  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:57:55.0888 2012  lmhosts - ok
20:57:55.0903 2012  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:57:55.0919 2012  LSI_FC - ok
20:57:55.0934 2012  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:57:55.0950 2012  LSI_SAS - ok
20:57:55.0966 2012  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:57:55.0966 2012  LSI_SCSI - ok
20:57:55.0997 2012  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:57:56.0028 2012  luafv - ok
20:57:56.0059 2012  [ B5E86524918EF32B32D1032E0C8E92A3 ] massfilter      C:\Windows\system32\DRIVERS\massfilter.sys
20:57:56.0075 2012  massfilter - ok
20:57:56.0137 2012  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:57:56.0153 2012  MBAMScheduler - ok
20:57:56.0184 2012  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:57:56.0200 2012  Mcx2Svc - ok
20:57:56.0231 2012  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
20:57:56.0231 2012  megasas - ok
20:57:56.0246 2012  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:57:56.0278 2012  MegaSR - ok
20:57:56.0293 2012  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
20:57:56.0324 2012  MMCSS - ok
20:57:56.0340 2012  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
20:57:56.0371 2012  Modem - ok
20:57:56.0387 2012  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:57:56.0449 2012  monitor - ok
20:57:56.0465 2012  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:57:56.0480 2012  mouclass - ok
20:57:56.0496 2012  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:57:56.0527 2012  mouhid - ok
20:57:56.0543 2012  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:57:56.0543 2012  MountMgr - ok
20:57:56.0574 2012  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:57:56.0574 2012  MozillaMaintenance - ok
20:57:56.0605 2012  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:57:56.0605 2012  mpio - ok
20:57:56.0636 2012  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:57:56.0668 2012  mpsdrv - ok
20:57:56.0699 2012  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:57:56.0746 2012  MpsSvc - ok
20:57:56.0777 2012  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:57:56.0792 2012  Mraid35x - ok
20:57:56.0808 2012  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:57:56.0839 2012  MRxDAV - ok
20:57:56.0870 2012  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:57:56.0886 2012  mrxsmb - ok
20:57:56.0917 2012  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:57:56.0933 2012  mrxsmb10 - ok
20:57:56.0933 2012  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:57:56.0948 2012  mrxsmb20 - ok
20:57:56.0964 2012  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
20:57:56.0980 2012  msahci - ok
20:57:56.0995 2012  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:57:57.0011 2012  msdsm - ok
20:57:57.0026 2012  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
20:57:57.0073 2012  MSDTC - ok
20:57:57.0120 2012  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:57:57.0151 2012  Msfs - ok
20:57:57.0151 2012  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:57:57.0167 2012  msisadrv - ok
20:57:57.0198 2012  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:57:57.0245 2012  MSiSCSI - ok
20:57:57.0245 2012  msiserver - ok
20:57:57.0260 2012  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:57:57.0292 2012  MSKSSRV - ok
20:57:57.0307 2012  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:57:57.0338 2012  MSPCLOCK - ok
20:57:57.0354 2012  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:57:57.0385 2012  MSPQM - ok
20:57:57.0401 2012  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:57:57.0416 2012  MsRPC - ok
20:57:57.0432 2012  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:57:57.0448 2012  mssmbios - ok
20:57:57.0463 2012  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:57:57.0494 2012  MSTEE - ok
20:57:57.0510 2012  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:57:57.0526 2012  Mup - ok
20:57:57.0557 2012  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
20:57:57.0604 2012  napagent - ok
20:57:57.0635 2012  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:57:57.0650 2012  NativeWifiP - ok
20:57:57.0682 2012  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:57:57.0713 2012  NDIS - ok
20:57:57.0728 2012  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:57:57.0760 2012  NdisTapi - ok
20:57:57.0775 2012  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:57:57.0806 2012  Ndisuio - ok
20:57:57.0822 2012  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:57:57.0869 2012  NdisWan - ok
20:57:57.0884 2012  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:57:57.0916 2012  NDProxy - ok
20:57:57.0931 2012  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:57:57.0962 2012  NetBIOS - ok
20:57:57.0994 2012  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:57:58.0025 2012  netbt - ok
20:57:58.0025 2012  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
20:57:58.0040 2012  Netlogon - ok
20:57:58.0072 2012  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
20:57:58.0118 2012  Netman - ok
20:57:58.0150 2012  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:57:58.0181 2012  NetMsmqActivator - ok
20:57:58.0181 2012  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:57:58.0196 2012  NetPipeActivator - ok
20:57:58.0212 2012  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
20:57:58.0243 2012  netprofm - ok
20:57:58.0259 2012  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:57:58.0259 2012  NetTcpActivator - ok
20:57:58.0274 2012  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:57:58.0274 2012  NetTcpPortSharing - ok
20:57:58.0306 2012  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:57:58.0306 2012  nfrd960 - ok
20:57:58.0337 2012  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:57:58.0368 2012  NlaSvc - ok
20:57:58.0399 2012  [ C31FA031335EFF434B2D94278E74BCCE ] npf             C:\Windows\system32\drivers\npf.sys
20:57:58.0399 2012  npf - ok
20:57:58.0415 2012  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:57:58.0446 2012  Npfs - ok
20:57:58.0477 2012  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
20:57:58.0508 2012  nsi - ok
20:57:58.0508 2012  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:57:58.0555 2012  nsiproxy - ok
20:57:58.0586 2012  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:57:58.0649 2012  Ntfs - ok
20:57:58.0680 2012  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
20:57:58.0727 2012  Null - ok
20:57:58.0758 2012  [ 99ED33F7FE39026A477893D92AEA5EF0 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
20:57:58.0789 2012  NVENETFD - ok
20:57:58.0820 2012  [ 87A7E98A682B0B20820BE781C7758B94 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:57:58.0836 2012  NVHDA - ok
20:57:58.0992 2012  [ 15C9645FBC3CA28BD44EB1EC5418A8FC ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:57:59.0288 2012  nvlddmkm - ok
20:57:59.0304 2012  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:57:59.0320 2012  nvraid - ok
20:57:59.0320 2012  [ 081601B398DED2FBC6FF62AE2042C38A ] nvrd64          C:\Windows\system32\drivers\nvrd64.sys
20:57:59.0335 2012  nvrd64 - ok
20:57:59.0351 2012  [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
20:57:59.0351 2012  nvsmu - ok
20:57:59.0366 2012  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:57:59.0382 2012  nvstor - ok
20:57:59.0398 2012  [ 1F27F53013B40565C8BD1D787EA5EC6A ] nvstor64        C:\Windows\system32\drivers\nvstor64.sys
20:57:59.0413 2012  nvstor64 - ok
20:57:59.0429 2012  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:57:59.0444 2012  nv_agp - ok
20:57:59.0444 2012  NwlnkFlt - ok
20:57:59.0460 2012  NwlnkFwd - ok
20:57:59.0507 2012  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:57:59.0522 2012  odserv - ok
20:57:59.0554 2012  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:57:59.0600 2012  ohci1394 - ok
20:57:59.0616 2012  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:57:59.0632 2012  ose - ok
20:57:59.0678 2012  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:57:59.0710 2012  p2pimsvc - ok
20:57:59.0725 2012  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
20:57:59.0741 2012  p2psvc - ok
20:57:59.0772 2012  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
20:57:59.0819 2012  Parport - ok
20:57:59.0850 2012  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:57:59.0866 2012  partmgr - ok
20:57:59.0897 2012  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:57:59.0912 2012  PcaSvc - ok
20:57:59.0928 2012  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
20:57:59.0944 2012  pci - ok
20:57:59.0959 2012  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:57:59.0959 2012  pciide - ok
20:57:59.0990 2012  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:57:59.0990 2012  pcmcia - ok
20:58:00.0022 2012  [ 045E962A45C4044F13091AEC12720C56 ] PCSUService     C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe
20:58:00.0037 2012  PCSUService - ok
20:58:00.0053 2012  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:58:00.0131 2012  PEAUTH - ok
20:58:00.0162 2012  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:58:00.0271 2012  PerfHost - ok
20:58:00.0365 2012  [ AE0B94363DA0F60D42B9D05B352F61ED ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
20:58:00.0490 2012  PID_PEPI - ok
20:58:00.0552 2012  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
20:58:00.0630 2012  pla - ok
20:58:00.0661 2012  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:58:00.0692 2012  PlugPlay - ok
20:58:00.0724 2012  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:58:00.0739 2012  PNRPAutoReg - ok
20:58:00.0755 2012  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:58:00.0786 2012  PNRPsvc - ok
20:58:00.0817 2012  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:58:00.0864 2012  PolicyAgent - ok
20:58:00.0895 2012  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:58:00.0926 2012  PptpMiniport - ok
20:58:00.0973 2012  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
20:58:01.0004 2012  Processor - ok
20:58:01.0020 2012  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
20:58:01.0067 2012  ProfSvc - ok
20:58:01.0067 2012  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:58:01.0082 2012  ProtectedStorage - ok
20:58:01.0114 2012  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:58:01.0145 2012  PSched - ok
20:58:01.0160 2012  [ E4F35EFD9962A3C80365E029E5ACBC92 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
20:58:01.0160 2012  PSDFilter - ok
20:58:01.0176 2012  [ 41031289856AB4C99A49218E6C4E9F46 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
20:58:01.0176 2012  PSDNServ - ok
20:58:01.0192 2012  [ C33FB61864C5096B0BF4B9DBC01BB5A9 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
20:58:01.0207 2012  psdvdisk - ok
20:58:01.0238 2012  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:58:01.0285 2012  ql2300 - ok
20:58:01.0316 2012  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:58:01.0332 2012  ql40xx - ok
20:58:01.0363 2012  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
20:58:01.0394 2012  QWAVE - ok
20:58:01.0410 2012  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:58:01.0426 2012  QWAVEdrv - ok
20:58:01.0441 2012  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:58:01.0472 2012  RasAcd - ok
20:58:01.0488 2012  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
20:58:01.0535 2012  RasAuto - ok
20:58:01.0566 2012  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:58:01.0597 2012  Rasl2tp - ok
20:58:01.0613 2012  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
20:58:01.0644 2012  RasMan - ok
20:58:01.0660 2012  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:58:01.0691 2012  RasPppoe - ok
20:58:01.0691 2012  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:58:01.0706 2012  RasSstp - ok
20:58:01.0738 2012  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:58:01.0753 2012  rdbss - ok
20:58:01.0769 2012  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:58:01.0800 2012  RDPCDD - ok
20:58:01.0816 2012  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:58:01.0862 2012  rdpdr - ok
20:58:01.0862 2012  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:58:01.0909 2012  RDPENCDD - ok
20:58:01.0956 2012  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:58:01.0972 2012  RDPWD - ok
20:58:01.0987 2012  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:58:02.0034 2012  RemoteAccess - ok
20:58:02.0050 2012  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:58:02.0081 2012  RemoteRegistry - ok
20:58:02.0128 2012  [ A035A7BF5132682F53F1E7B955690CE7 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
20:58:02.0128 2012  RichVideo ( UnsignedFile.Multi.Generic ) - warning
20:58:02.0128 2012  RichVideo - detected UnsignedFile.Multi.Generic (1)
20:58:02.0159 2012  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
20:58:02.0159 2012  RpcLocator - ok
20:58:02.0190 2012  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
20:58:02.0221 2012  RpcSs - ok
20:58:02.0237 2012  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:58:02.0268 2012  rspndr - ok
20:58:02.0268 2012  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
20:58:02.0284 2012  SamSs - ok
20:58:02.0299 2012  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:58:02.0299 2012  sbp2port - ok
20:58:02.0330 2012  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:58:02.0362 2012  SCardSvr - ok
20:58:02.0393 2012  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
20:58:02.0455 2012  Schedule - ok
20:58:02.0486 2012  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:58:02.0502 2012  SCPolicySvc - ok
20:58:02.0533 2012  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:58:02.0549 2012  SDRSVC - ok
20:58:02.0596 2012  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
20:58:02.0611 2012  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
20:58:02.0611 2012  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
20:58:02.0627 2012  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:58:02.0674 2012  secdrv - ok
20:58:02.0689 2012  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
20:58:02.0720 2012  seclogon - ok
20:58:02.0752 2012  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
20:58:02.0783 2012  seehcri - ok
20:58:02.0798 2012  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
20:58:02.0845 2012  SENS - ok
20:58:02.0861 2012  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:58:02.0892 2012  Serenum - ok
20:58:02.0923 2012  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:58:02.0954 2012  Serial - ok
20:58:02.0970 2012  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:58:03.0017 2012  sermouse - ok
20:58:03.0032 2012  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:58:03.0079 2012  SessionEnv - ok
20:58:03.0095 2012  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:58:03.0142 2012  sffdisk - ok
20:58:03.0157 2012  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:58:03.0188 2012  sffp_mmc - ok
20:58:03.0188 2012  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:58:03.0220 2012  sffp_sd - ok
20:58:03.0235 2012  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:58:03.0282 2012  sfloppy - ok
20:58:03.0313 2012  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:58:03.0360 2012  SharedAccess - ok
20:58:03.0422 2012  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:58:03.0438 2012  ShellHWDetection - ok
20:58:03.0454 2012  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:58:03.0454 2012  SiSRaid2 - ok
20:58:03.0469 2012  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:58:03.0485 2012  SiSRaid4 - ok
20:58:03.0532 2012  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
20:58:03.0641 2012  slsvc - ok
20:58:03.0656 2012  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:58:03.0703 2012  SLUINotify - ok
20:58:03.0719 2012  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:58:03.0750 2012  Smb - ok
20:58:03.0766 2012  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:58:03.0781 2012  SNMPTRAP - ok
20:58:03.0844 2012  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
20:58:03.0844 2012  spldr - ok
20:58:03.0875 2012  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
20:58:03.0906 2012  Spooler - ok
20:58:03.0953 2012  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:58:03.0984 2012  srv - ok
20:58:04.0031 2012  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:58:04.0046 2012  srv2 - ok
20:58:04.0078 2012  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:58:04.0109 2012  srvnet - ok
20:58:04.0124 2012  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:58:04.0171 2012  SSDPSRV - ok
20:58:04.0171 2012  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:58:04.0202 2012  SstpSvc - ok
20:58:04.0218 2012  Steam Client Service - ok
20:58:04.0265 2012  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
20:58:04.0296 2012  stisvc - ok
20:58:04.0327 2012  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:58:04.0327 2012  swenum - ok
20:58:04.0374 2012  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
20:58:04.0421 2012  swprv - ok
20:58:04.0452 2012  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:58:04.0468 2012  Symc8xx - ok
20:58:04.0483 2012  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:58:04.0499 2012  Sym_hi - ok
20:58:04.0499 2012  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:58:04.0514 2012  Sym_u3 - ok
20:58:04.0546 2012  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
20:58:04.0592 2012  SysMain - ok
20:58:04.0639 2012  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:58:04.0670 2012  TabletInputService - ok
20:58:04.0686 2012  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:58:04.0717 2012  TapiSrv - ok
20:58:04.0733 2012  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
20:58:04.0780 2012  TBS - ok
20:58:04.0826 2012  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:58:04.0858 2012  Tcpip - ok
20:58:04.0920 2012  [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:58:04.0967 2012  Tcpip6 - ok
20:58:04.0998 2012  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:58:05.0014 2012  tcpipreg - ok
20:58:05.0029 2012  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:58:05.0076 2012  TDPIPE - ok
20:58:05.0076 2012  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:58:05.0123 2012  TDTCP - ok
20:58:05.0138 2012  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:58:05.0170 2012  tdx - ok
20:58:05.0185 2012  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:58:05.0201 2012  TermDD - ok
20:58:05.0216 2012  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
20:58:05.0263 2012  TermService - ok
20:58:05.0294 2012  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
20:58:05.0310 2012  Themes - ok
20:58:05.0326 2012  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:58:05.0357 2012  THREADORDER - ok
20:58:05.0372 2012  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
20:58:05.0404 2012  TrkWks - ok
20:58:05.0435 2012  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:58:05.0466 2012  TrustedInstaller - ok
20:58:05.0482 2012  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:58:05.0513 2012  tssecsrv - ok
20:58:05.0575 2012  [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
20:58:05.0638 2012  TuneUp.UtilitiesSvc - ok
20:58:05.0669 2012  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
20:58:05.0684 2012  TuneUpUtilitiesDrv - ok
20:58:05.0716 2012  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:58:05.0731 2012  tunnel - ok
20:58:05.0747 2012  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:58:05.0762 2012  uagp35 - ok
20:58:05.0794 2012  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:58:05.0825 2012  udfs - ok
20:58:05.0840 2012  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:58:05.0872 2012  UI0Detect - ok
20:58:05.0887 2012  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:58:05.0903 2012  uliagpkx - ok
20:58:05.0918 2012  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:58:05.0934 2012  uliahci - ok
20:58:05.0950 2012  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:58:05.0965 2012  UlSata - ok
20:58:05.0981 2012  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:58:05.0996 2012  ulsata2 - ok
20:58:06.0012 2012  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:58:06.0043 2012  umbus - ok
20:58:06.0059 2012  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
20:58:06.0106 2012  upnphost - ok
20:58:06.0121 2012  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:58:06.0137 2012  USBAAPL64 - ok
20:58:06.0152 2012  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:58:06.0184 2012  usbaudio - ok
20:58:06.0215 2012  [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus          C:\Windows\system32\DRIVERS\lgx64bus.sys
20:58:06.0230 2012  usbbus - ok
20:58:06.0262 2012  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:58:06.0277 2012  usbccgp - ok
20:58:06.0308 2012  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:58:06.0371 2012  usbcir - ok
20:58:06.0386 2012  [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag         C:\Windows\system32\DRIVERS\lgx64diag.sys
20:58:06.0402 2012  UsbDiag - ok
20:58:06.0418 2012  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:58:06.0464 2012  usbehci - ok
20:58:06.0480 2012  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:58:06.0511 2012  usbhub - ok
20:58:06.0527 2012  [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem        C:\Windows\system32\DRIVERS\lgx64modem.sys
20:58:06.0542 2012  USBModem - ok
20:58:06.0558 2012  [ E406B003A354776D317762694956B0FC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:58:06.0589 2012  usbohci - ok
20:58:06.0636 2012  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:58:06.0667 2012  usbprint - ok
20:58:06.0698 2012  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:58:06.0730 2012  usbscan - ok
20:58:06.0761 2012  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:58:06.0792 2012  USBSTOR - ok
20:58:06.0808 2012  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:58:06.0839 2012  usbuhci - ok
20:58:06.0870 2012  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:58:06.0901 2012  usbvideo - ok
20:58:06.0932 2012  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
20:58:06.0964 2012  UxSms - ok
20:58:06.0979 2012  [ 5BF180F7F7C2F68ED6D5777840270BCE ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
20:58:06.0995 2012  UxTuneUp - ok
20:58:07.0010 2012  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
20:58:07.0042 2012  vds - ok
20:58:07.0057 2012  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:58:07.0088 2012  vga - ok
20:58:07.0104 2012  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:58:07.0151 2012  VgaSave - ok
20:58:07.0166 2012  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
20:58:07.0182 2012  viaide - ok
20:58:07.0213 2012  [ C6E18C3B43378AE3FCECDFF0F0BB7BE7 ] VMCService      C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
20:58:07.0213 2012  VMCService ( UnsignedFile.Multi.Generic ) - warning
20:58:07.0213 2012  VMCService - detected UnsignedFile.Multi.Generic (1)
20:58:07.0229 2012  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:58:07.0244 2012  volmgr - ok
20:58:07.0291 2012  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:58:07.0322 2012  volmgrx - ok
20:58:07.0354 2012  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:58:07.0369 2012  volsnap - ok
20:58:07.0400 2012  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:58:07.0416 2012  vsmraid - ok
20:58:07.0447 2012  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
20:58:07.0541 2012  VSS - ok
20:58:07.0541 2012  vToolbarUpdater12.2.6 - ok
20:58:07.0588 2012  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
20:58:07.0619 2012  W32Time - ok
20:58:07.0650 2012  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:58:07.0712 2012  WacomPen - ok
20:58:07.0759 2012  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:58:07.0790 2012  Wanarp - ok
20:58:07.0790 2012  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:58:07.0822 2012  Wanarpv6 - ok
20:58:07.0853 2012  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:58:07.0884 2012  wcncsvc - ok
20:58:07.0900 2012  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:58:07.0946 2012  WcsPlugInService - ok
20:58:07.0946 2012  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
20:58:07.0962 2012  Wd - ok
20:58:07.0993 2012  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:58:08.0024 2012  Wdf01000 - ok
20:58:08.0040 2012  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:58:08.0071 2012  WdiServiceHost - ok
20:58:08.0071 2012  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:58:08.0102 2012  WdiSystemHost - ok
20:58:08.0118 2012  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
20:58:08.0149 2012  WebClient - ok
20:58:08.0180 2012  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:58:08.0196 2012  Wecsvc - ok
20:58:08.0227 2012  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:58:08.0243 2012  wercplsupport - ok
20:58:08.0258 2012  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
20:58:08.0290 2012  WerSvc - ok
20:58:08.0321 2012  WinDefend - ok
20:58:08.0336 2012  WinHttpAutoProxySvc - ok
20:58:08.0368 2012  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:58:08.0414 2012  Winmgmt - ok
20:58:08.0477 2012  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:58:08.0539 2012  WinRM - ok
20:58:08.0586 2012  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:58:08.0617 2012  Wlansvc - ok
20:58:08.0648 2012  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:58:08.0664 2012  WmiAcpi - ok
20:58:08.0680 2012  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:58:08.0711 2012  wmiApSrv - ok
20:58:08.0711 2012  WMPNetworkSvc - ok
20:58:08.0742 2012  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:58:08.0758 2012  WPCSvc - ok
20:58:08.0789 2012  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:58:08.0820 2012  WPDBusEnum - ok
20:58:08.0851 2012  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:58:08.0882 2012  WpdUsb - ok
20:58:08.0976 2012  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:58:09.0007 2012  WPFFontCache_v0400 - ok
20:58:09.0054 2012  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:58:09.0085 2012  ws2ifsl - ok
20:58:09.0101 2012  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
20:58:09.0132 2012  wscsvc - ok
20:58:09.0132 2012  WSearch - ok
20:58:09.0210 2012  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:58:09.0288 2012  wuauserv - ok
20:58:09.0335 2012  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:58:09.0366 2012  WUDFRd - ok
20:58:09.0382 2012  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:58:09.0428 2012  wudfsvc - ok
20:58:09.0460 2012  [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
20:58:09.0475 2012  xusb21 - ok
20:58:09.0506 2012  [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:58:09.0538 2012  ZTEusbmdm6k - ok
20:58:09.0553 2012  [ 01CBEEA25AA78C0F0272654048D61F34 ] ZTEusbnet       C:\Windows\system32\DRIVERS\ZTEusbnet.sys
20:58:09.0569 2012  ZTEusbnet - ok
20:58:09.0600 2012  [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:58:09.0616 2012  ZTEusbnmea - ok
20:58:09.0631 2012  [ 31DB70A61814E4F33181D48190D46845 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:58:09.0647 2012  ZTEusbser6k - ok
20:58:09.0662 2012  [ C9ADA887BF326D8413E81FE80B1BE7EB ] ZTEusbvoice     C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
20:58:09.0678 2012  ZTEusbvoice - ok
20:58:09.0694 2012  ================ Scan global ===============================
20:58:09.0725 2012  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:58:09.0756 2012  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:58:09.0772 2012  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:58:09.0803 2012  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
20:58:09.0818 2012  [Global] - ok
20:58:09.0818 2012  ================ Scan MBR ==================================
20:58:09.0834 2012  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
20:58:11.0956 2012  \Device\Harddisk0\DR0 - ok
20:58:11.0956 2012  ================ Scan VBR ==================================
20:58:11.0956 2012  [ CE6E167B32C8F0898AEEC58EB6B82DEF ] \Device\Harddisk0\DR0\Partition1
20:58:11.0956 2012  \Device\Harddisk0\DR0\Partition1 - ok
20:58:11.0987 2012  [ 0766106000A6E03175DD35CF8FFBD2B4 ] \Device\Harddisk0\DR0\Partition2
20:58:11.0987 2012  \Device\Harddisk0\DR0\Partition2 - ok
20:58:11.0987 2012  ============================================================
20:58:11.0987 2012  Scan finished
20:58:11.0987 2012  ============================================================
20:58:12.0002 1480  Detected object count: 10
20:58:12.0002 1480  Actual detected object count: 10
21:17:29.0815 1480  C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe - copied to quarantine
21:17:29.0815 1480  Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:29.0847 1480  C:\Acer\Empowering Technology\ePerformance\MemCheck.exe - copied to quarantine
21:17:29.0847 1480  AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:29.0893 1480  C:\Windows\system32\DRIVERS\atksgt.sys - copied to quarantine
21:17:29.0893 1480  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:29.0925 1480  C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe - copied to quarantine
21:17:29.0925 1480  eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:29.0956 1480  C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe - copied to quarantine
21:17:29.0956 1480  eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:29.0971 1480  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe - copied to quarantine
21:17:29.0971 1480  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:30.0003 1480  C:\Windows\system32\DRIVERS\lirsgt.sys - copied to quarantine
21:17:30.0003 1480  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:30.0018 1480  C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe - copied to quarantine
21:17:30.0018 1480  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:30.0034 1480  C:\Users\steffi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe - copied to quarantine
21:17:30.0034 1480  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
21:17:30.0034 1480  C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe - copied to quarantine
21:17:30.0034 1480  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
         
And as described, nothing has been deleted yet!

Edited by Kudoka (12.10.2012 at 20:22)

12.10.2012, 21:01   #45
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And why are you copying everything into quarantine? You were supposed to skip everything and do nothing else... oh well, if nothing was removed

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags
