Leidiger ZeroAccess

chicky · 13.11.2012, 00:26

Hallo! Ich bin neu in diesem Forum und hoffe ihr könnt mir helfen.

dürfte mir den sog "ZeroAccess" Trojaner/Malware/Virus (kenn die unterschiede nicht so genau) eingfangen haben. Mein System wird an und für sich von McAfee geschützt, dürfte in diesem fall aber versagt haben. ich habe mich auch schon auf euren seiten erkundigt und so manches probiert (hoffentlich nichts verschlimmert).

unter anderem Kaspersky´s TDSS Killer, der zwar was findet, aber das problem offensichtlich nicht behoben hat.

McAfee findet folgendes:

Desktop.ini Löschen nicht möglich
Speicherort:
C:\Windows\assembly\GAC_64\Desktop.ini

Endeckte Bedrohungen:
Generic.dx!bfws (Trojaner)

Desktop.ini Löschen nicht möglich
Speicherort:
C:\Windows\assembly\GAC_64\Desktop.ini

Endeckte Bedrohungen:
ZeroAcces.hi (Trojaner)

Nun habe ich mir vorgenommen eure Step-by-Step Hilfe, so mir einer helfen möge, anzunehmen und mein system mal einen quick-scann mit malwarebytes Anti-Malware unterzogen und poste hier nun meinen bericht:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MeinPC12 :: 12-PC [Administrator]

Schutz: Aktiviert

13.11.2012 00:01:23
mbam-log-2012-11-13 (00-01-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226156
Laufzeit: 8 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Dominik\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 28
C:\Users\Dominik\AppData\Roaming\rundll32.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-04-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-05-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-06-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-09-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-11-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-12-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-15-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-20-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-27-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-30-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-08-31-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-01-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-02-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-03-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-06-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-10-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-19-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-20-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-24-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dominik\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich hoffe ihr könnt damit was anfangen und mir helfen. Vor allem datensicherung wär mir ganz wichtig. Win7 rescue cd habe ich alles...

Vielen Dank im Vorraus

lg
chicky

Kann es sein dass dieser gar nicht löschbar, sondern nur durch neu aufsetzen zu beseitigen ist?

Stimmt es dass dieser nur durch ein komplettes neu aufsetzten zu beseitigen ist?

ryder · 14.11.2012, 18:59

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort).

Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf oder das Logfile ist zu gross. Erschwert mir nämlich das auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen!

Du hast etwas mit TDSSKiller gelöscht? Das ist kein Spielzeug! Bitte poste zunächst alle Logfiles von TDSSKiller die sind direkt auf c:

chicky · 15.11.2012, 11:11

die log datei ist viel zu gros 589KB.

würde das "ergebnis" der suche allein was helfen? das wäre dann das:

00:37:59.0799 2180 Detected object count: 1
00:37:59.0799 2180 Actual detected object count: 1
00:38:04.0791 2180 C:\Windows\system32\services.exe - copied to quarantine
00:38:15.0711 2180 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Quarantine
00:38:55.0149 3180 Deinitialize success

bei allen anderen suchen steht immer OK am schluss.

k.A. ob dir das nützt, ansonsten müsste ich die den log bericht in 5-6 teile stückeln.

danke auf jeden fall dass du dir zeit nimmst

lg chicky

23:47:23.0610 3216 Detected object count: 1
23:47:23.0610 3216 Actual detected object count: 1
23:47:30.0096 3216 C:\Windows\system32\services.exe - copied to quarantine
ps: Das der zweite und letzte log-bericht:

23:47:42.0370 3216 Backup copy not found, trying to cure infected file..
23:47:42.0370 3216 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
23:47:42.0370 3216 C:\Windows\system32\services.exe - processing error
23:47:42.0370 3216 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure

ryder · 15.11.2012, 11:15

Jetzt keine Alleingänge mehr!

Scan mit Combofix

Zitat:

WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

chicky · 15.11.2012, 11:33

wie schalte ich mcafee aus?

ryder · 15.11.2012, 11:35

Keine Ahnung

Habs noch nie benutzt - notfalls deinstallieren.

chicky · 15.11.2012, 12:37

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-11-14.01 - Dominik 15.11.2012  12:17:38.1.8 - x64
ausgeführt von:: c:\users\Dominik\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files (x86)\Complitly\FireFoxUninstaller.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\System.Data.SQLite.dll
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0f6f4769-e33b-4059-ac7e-958f5cedf6f3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16535d13-dd9f-48ff-8ae3-e3135157e6da.dll
c:\programdata\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2f733848-355c-4a6f-89a5-08a4dcc89c5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
c:\programdata\PCDr\6032\AddOnDownloaded\45d3827c-bce8-440f-bcda-3bd183a7bac3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll
c:\programdata\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7119bf4b-d404-4b31-8779-44fac71761fa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\819a7f02-352c-4ccc-8fd0-40d8959b0b10.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c4e27482-6f95-4a28-9cf2-d506c1b75180.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dc959002-1065-4317-b1a1-f360412a88d3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ed2cc678-a9e6-4ef7-89b6-9bada02d1a74.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll
c:\programdata\Roaming
c:\users\Dominik\Media
c:\users\Dominik\Media\openttd.128.png
c:\users\Dominik\Media\openttd.16.png
c:\users\Dominik\Media\openttd.256.png
c:\users\Dominik\Media\openttd.32.png
c:\users\Dominik\Media\openttd.32.xpm
c:\users\Dominik\Media\openttd.48.png
c:\users\Dominik\Media\openttd.64.png
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-15 bis 2012-11-15  ))))))))))))))))))))))))))))))
.
.
2012-11-15 11:27 . 2012-11-15 11:27	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-15 11:27 . 2012-11-15 11:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-12 23:00 . 2012-11-12 23:00	--------	d-----w-	c:\users\Dominik\AppData\Roaming\Malwarebytes
2012-11-12 23:00 . 2012-11-12 23:00	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-12 23:00 . 2012-11-12 23:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-12 23:00 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-12 22:44 . 2012-11-12 22:52	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-11-07 16:50 . 2012-11-07 16:50	--------	d-----w-	c:\users\Dominik\AppData\Local\FLT
2012-11-07 16:44 . 2012-11-07 16:45	--------	d-----w-	c:\program files (x86)\Worms Revolution
2012-10-27 16:21 . 2012-10-22 17:12	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2012-10-27 16:21 . 2012-10-22 17:12	261600	----a-w-	c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2012-10-27 16:21 . 2012-10-22 17:12	18912	----a-w-	c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2012-10-24 18:21 . 2012-10-24 19:56	--------	d-----w-	c:\users\Dominik\AppData\Roaming\LRTimelapse
2012-10-24 18:18 . 2012-10-24 18:18	--------	d-----w-	c:\program files (x86)\LRTimelapse 2
2012-10-22 17:12 . 2012-10-27 18:19	96224	----a-w-	c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-22 17:12 . 2012-10-27 18:19	157272	----a-w-	c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-18 17:50 . 2012-10-18 17:50	--------	d-----w-	c:\program files\DIFX
2012-10-18 17:50 . 2012-10-18 17:50	--------	d-----w-	c:\program files (x86)\TERRATEC Electronic GmbH
2012-10-18 17:34 . 2012-10-18 17:34	--------	d-----w-	c:\users\Dominik\AppData\Roaming\MAGIX
2012-10-18 17:31 . 2012-10-18 17:34	--------	d-----w-	c:\programdata\MAGIX
2012-10-18 17:30 . 2012-10-18 17:34	--------	d-----w-	c:\program files (x86)\MAGIX
2012-10-18 17:30 . 2007-04-27 07:43	120200	----a-w-	c:\windows\SysWow64\DLLDEV32i.dll
2012-10-18 17:30 . 2012-10-18 17:34	--------	d-----w-	c:\windows\SysWow64\MAGIX
2012-10-18 17:30 . 2008-04-15 13:14	700416	----a-w-	c:\windows\SysWow64\mgxoschk.dll
2012-10-17 15:06 . 2012-10-17 15:06	--------	d-----w-	c:\users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 19:02 . 2012-05-20 08:47	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-15 19:02 . 2011-08-31 18:56	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 19:28 . 2011-09-21 10:43	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 07:46	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 07:46	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-14 06:48 . 2012-09-14 06:48	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-31 18:19 . 2012-10-10 07:45	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 07:45	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 07:45	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 07:45	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-28 18:24 . 2012-05-25 13:56	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24 . 2011-08-31 19:03	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-24 18:05 . 2012-10-10 07:44	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 07:44	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-24 07:03	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 07:03	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 07:03	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 07:03	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 07:03	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 07:03	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 07:03	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 07:03	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 07:03	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 07:03	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 07:03	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 07:03	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 07:03	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 07:03	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 07:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 07:03	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 07:03	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 07:03	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 07:03	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 07:03	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 07:03	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 07:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 19:06	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 19:06	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 19:06	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 19:06	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 13:48	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-09-16 01:59	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-11-18 10:58	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-11-18 10:58	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 07:45	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 07:45	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 07:45	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 07:45	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 07:45	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 07:45	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 07:45	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 07:45	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 07:45	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 07:44	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 07:45	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 07:45	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 07:45	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 07:45	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 07:45	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 07:45	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-07-24 23:22	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}"= "c:\program files (x86)\BittorrentBar_DE\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	94208	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	94208	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	94208	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TrayServer"="c:\program files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-01-17 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hcw10cir;Hauppauge CIR Receiver;c:\windows\system32\drivers\hcw10cir.sys [2010-05-07 46080]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys [2010-01-26 96296]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 hcw10bda;Hauppauge USB-Live2 (111xxx);c:\windows\system32\drivers\hcw10bda.sys [2010-05-07 593664]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-11-02 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-11-02 341832]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-11-02 16008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1255736]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-09 2983808]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-14 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-05-15 249152]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys [2010-06-24 60968]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwuss64.sys [2010-03-03 26664]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwussf64.sys [2010-03-03 30248]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-11-02 22408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-04-27 378952]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-04-27 416328]
S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-04-27 19528]
S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-04-27 468552]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2010-07-30 274984]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 19:02]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 09:35]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-06 09:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	97792	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	97792	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	97792	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-10-18 21:52	97792	----a-w-	c:\users\Dominik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-08 2034752]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A0939B3D5B52598008EC25502383B7F4&tbp=homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\eyrtvfbr.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2012-09-19 12:33; firefoxaddon@youtubeenhancer.com; c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\eyrtvfbr.default\extensions\firefoxaddon@youtubeenhancer.com.xpi
FF - ExtSQL: 2012-09-19 12:58; elemhidehelper@adblockplus.org; c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\eyrtvfbr.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2012-09-19 12:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\eyrtvfbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-16 12:56; quickstores@quickstores.de; c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-15  12:33:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-15 11:33
.
Vor Suchlauf: 20 Verzeichnis(se), 202.573.983.744 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 202.279.788.544 Bytes frei
.
- - End Of File - - 7C6BCDDC37DD0C7156FD98D4918FA6C5

--- --- ---

ryder · 15.11.2012, 12:42

Sehr gut, ZeroAccess haben wir erwischt.

Es geht dann weiter:

Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Löschen.

Bestätige jeweils mit Ok.

Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.

Poste mir den Inhalt mit deiner nächsten Antwort.

Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2:
Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Starte bitte die OTL.exe.

Stelle folgendes ein:
Haken bei "Alle Benutzer scannen" und "Inklusive 64bit Scans"

Ausgabe: Minimal

Benutze SafeList in jedem Feld.

Haken bei "Benutze Hersteller-Whitelist"

Dateien erstellt und verändert innerhalb Datei-Alter

Haken bei LOP Prüfung und Purity Prüfung

Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*. 
%appdata%\*.* 
%appdata%\*.exe /s
%localappdata%\*. 
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*. 
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
         
Schliesse bitte nun alle Programme. (Wichtig)

Klicke nun bitte auf den Scan Button.

Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread (möglichst in CODE-Tags)

chicky · 15.11.2012, 13:36

Zu Schritt 1:

# AdwCleaner v2.007 - Datei am 15/11/2012 um 13:09:58 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dominik - DOMINIK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominik\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gelöscht : C:\Program Files (x86)\BittorrentBar_DE
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\BittorrentBar_DE
Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\Complitly
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BittorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BCE90EC8-E22B-4937-BC8A-DABBB43D963E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17FAE48A-2256-4AF4-BE99-7149AD0EBF3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91C18379-C21D-49A9-8C5C-A731806507F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A0939B3D5B52598008EC25502383B7F4&tbp=homepage --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\eyrtvfbr.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [14521 octets] - [15/11/2012 13:09:58]

########## EOF - C:\AdwCleaner[S1].txt - [14582 octets] ##########

Schritt 2:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.11.2012 13:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 78,39% Memory free
15,79 Gb Paging File | 13,96 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,54 Gb Total Space | 189,08 Gb Free Space | 32,79% Space Free | Partition Type: NTFS
Drive E: | 1,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe File not found
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB)
DRV:64bit: - (hcw10bda) -- C:\Windows\SysNative\drivers\hcw10bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw10cir) -- C:\Windows\SysNative\drivers\hcw10cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{AB026457-CA4C-44C8-B81B-A618322283F0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{AB026457-CA4C-44C8-B81B-A618322283F0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: firefoxaddon@youtubeenhancer.com:1.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.03.23 00:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 19:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 21:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2012.09.19 11:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions
[2012.10.24 11:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\eyrtvfbr.default\extensions
[2012.09.19 11:58:55 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\eyrtvfbr.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.10.10 12:10:47 | 000,041,896 | ---- | M] () (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\eyrtvfbr.default\extensions\firefoxaddon@youtubeenhancer.com.xpi
[2012.09.19 11:59:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\eyrtvfbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 13:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 20:52:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 19:19:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.15 12:28:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120714211850.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120714211850.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe (MAGIX AG)
O4 - HKU\S-1-5-21-4260018220-910525052-71499366-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4260018220-910525052-71499366-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4260018220-910525052-71499366-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4260018220-910525052-71499366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F591FE4-6CD6-4EDE-A08D-60E553EC62B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F85EE4A-FCDA-4666-937F-A16D3B458CD6}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{785AC3F3-287C-4690-B3F9-200E649D29FD}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AB88E46-306F-450D-B05A-5C6CC012606A}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.10 18:17:02 | 000,000,066 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Dominik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe - (Intel® Corporation)
MsConfig:64bit - StartUpReg: AccuWeatherWidget - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
MsConfig:64bit - StartUpReg: HFALoader - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: NeroLauncher - hkey= - key= - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe File not found
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe File not found
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 12:28:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.15 12:15:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.15 12:15:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.15 12:15:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.15 11:31:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.15 11:31:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.13 00:00:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2012.11.13 00:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 00:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 00:00:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.13 00:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.12 23:44:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.07 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\FLT
[2012.11.07 17:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Revolution
[2012.11.07 17:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Worms Revolution
[2012.10.26 22:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012.10.25 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Euro Truck Simulator 2
[2012.10.24 19:21:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\LRTimelapse
[2012.10.24 19:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LRTimelapse 2
[2012.10.24 19:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LRTimelapse 2
[2012.10.24 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.10.22 14:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.18 18:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.10.18 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERRATEC Electronic GmbH
[2012.10.18 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX Downloads
[2012.10.18 18:34:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\MAGIX
[2012.10.18 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX_Screenshare
[2012.10.18 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX_Online_Druck_Service
[2012.10.18 18:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.10.18 18:32:50 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2012.10.18 18:32:49 | 000,192,512 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2012.10.18 18:32:49 | 000,167,936 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2012.10.18 18:32:49 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2012.10.18 18:32:49 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2012.10.18 18:32:49 | 000,098,304 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2012.10.18 18:32:49 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2012.10.18 18:32:49 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2012.10.18 18:32:49 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2012.10.18 18:32:49 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2012.10.18 18:32:49 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2012.10.18 18:32:49 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2012.10.18 18:32:49 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2012.10.18 18:32:49 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2012.10.18 18:32:49 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2012.10.18 18:32:49 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2012.10.18 18:32:49 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2012.10.18 18:32:49 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2012.10.18 18:32:48 | 000,618,496 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2012.10.18 18:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.10.18 18:31:53 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
[2012.10.18 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.10.18 18:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.10.18 18:30:17 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2012.10.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2012.10.17 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\EasyRotatorWPContent
[2012.10.17 16:06:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2011.09.15 21:19:37 | 009,418,752 | ---- | C] (OpenTTD Development Team) -- C:\Users\Dominik\openttd.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 13:18:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 13:18:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 13:15:34 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.15 13:15:34 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.15 13:15:34 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.15 13:15:34 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.15 13:15:34 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.15 13:11:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 13:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 13:10:54 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 12:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 12:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 12:28:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.13 00:00:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 17:37:57 | 000,266,401 | ---- | M] () -- C:\Users\Dominik\Desktop\virus.jpg
[2012.10.28 13:41:47 | 000,007,606 | ---- | M] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
[2012.10.24 12:25:26 | 000,001,047 | ---- | M] () -- C:\Users\Dominik\Desktop\Dropbox.lnk
[2012.10.24 12:19:09 | 000,001,057 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.22 14:02:31 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.21 12:51:36 | 005,328,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.18 18:34:09 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.15 12:15:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.15 12:15:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.15 12:15:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.15 12:15:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.15 12:15:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.13 00:00:11 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 17:37:57 | 000,266,401 | ---- | C] () -- C:\Users\Dominik\Desktop\virus.jpg
[2012.10.24 12:25:26 | 000,001,047 | ---- | C] () -- C:\Users\Dominik\Desktop\Dropbox.lnk
[2012.10.24 12:19:09 | 000,001,057 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.22 14:02:31 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.18 18:32:49 | 000,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2012.10.18 18:30:40 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.10.18 18:30:17 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.21 17:42:32 | 000,146,774 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012.03.21 17:42:32 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2011.12.02 17:11:34 | 000,007,606 | ---- | C] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
[2011.10.18 19:32:43 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.18 19:32:43 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.18 19:32:34 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.10.18 19:31:49 | 000,005,072 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.09.19 10:35:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.19 10:35:52 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.09.19 10:35:52 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.16 12:16:58 | 000,015,872 | ---- | C] () -- C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.31 21:24:55 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.31 21:24:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 21:24:07 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 21:24:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 11:22:50 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.17 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\.minecraft
[2011.09.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ashampoo
[2012.11.12 02:33:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BitTorrent
[2012.02.09 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canon
[2011.09.29 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.27 15:32:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\CloneSpy
[2012.10.17 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2012.02.01 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite
[2011.11.26 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Pro
[2011.09.26 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DocumentsToGoDesktop
[2012.11.15 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dropbox
[2012.03.05 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Fingertapps
[2012.03.05 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\iolo
[2011.09.11 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Kalypso Media
[2012.10.24 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LRTimelapse
[2012.10.18 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MAGIX
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PACE Anti-Piracy
[2011.12.04 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PCDr
[2012.11.13 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spotify
[2012.03.12 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.11 13:25:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TeamViewer
[2012.09.27 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.09.21 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ubisoft
[2012.09.27 21:15:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WindSolutions
[2011.09.22 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.15 12:28:53 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.06.14 16:36:56 | 000,000,000 | ---D | M] -- C:\0244ccfc38fb8dc5ddfff7
[2011.08.31 20:44:55 | 000,000,000 | ---D | M] -- C:\apps
[2012.02.09 23:40:36 | 000,000,000 | ---D | M] -- C:\Canon-Drucker
[2012.09.27 21:04:36 | 000,000,000 | ---D | M] -- C:\Contacts
[2011.09.06 16:10:58 | 000,000,000 | ---D | M] -- C:\DELL
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.09 12:09:29 | 000,000,000 | ---D | M] -- C:\Dominik
[2011.08.31 21:25:31 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.09.05 16:56:37 | 000,000,000 | ---D | M] -- C:\FIND_EULA_PATH
[2011.10.18 19:46:17 | 000,000,000 | ---D | M] -- C:\IExp0.tmp
[2011.10.18 19:46:19 | 000,000,000 | ---D | M] -- C:\IExp1.tmp
[2012.09.27 21:04:36 | 000,000,000 | ---D | M] -- C:\iPod_Control
[2011.09.06 16:37:53 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.15 12:13:54 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.15 13:09:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.15 13:09:59 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.15 12:33:43 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.05 16:19:15 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2012.11.07 17:46:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.12 23:52:22 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.09.05 17:26:18 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.25 18:27:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.09 23:23:20 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.11.15 12:28:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.03.19 15:18:32 | 000,094,587 | ---- | M] () -- C:\2600.log
[2012.11.15 13:10:04 | 000,014,604 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.11.15 12:33:41 | 000,039,758 | ---- | M] () -- C:\ComboFix.txt
[2011.08.31 21:16:02 | 000,004,349 | RH-- | M] () -- C:\dell.sdr
[2011.08.31 20:06:01 | 000,001,159 | ---- | M] () -- C:\freefallprotection.log
[2012.11.15 13:10:54 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 08:21:03 | 000,000,080 | ---- | M] () -- C:\log.txt
[2012.11.15 13:10:58 | 4183,994,367 | -HS- | M] () -- C:\pagefile.sys
[2012.02.02 23:05:35 | 001,289,603 | ---- | M] () -- C:\s7b0.4
[2012.02.02 23:05:36 | 000,697,727 | ---- | M] () -- C:\s7b0.5
[2012.06.25 19:42:54 | 000,000,001 | ---- | M] () -- C:\s_pov.bin
[2012.11.12 23:43:07 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_12.11.2012_23.43.03_log.txt
[2012.11.12 23:47:44 | 000,450,172 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_12.11.2012_23.43.33_log.txt
[2012.11.13 00:38:55 | 000,602,428 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_12.11.2012_23.51.08_log.txt
[2012.06.29 08:03:17 | 000,001,145 | ---- | M] () -- C:\WirelessDiagLog.csv
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES(X86)%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
 
< %appdata%\*.  >
[2012.01.17 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\.minecraft
[2012.07.31 15:51:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Adobe
[2012.03.12 17:06:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Adobe Mini Bridge CS5.1
[2012.03.22 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Apple Computer
[2011.09.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ashampoo
[2012.11.12 02:33:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BitTorrent
[2012.02.09 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canon
[2011.09.29 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.27 15:32:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\CloneSpy
[2012.10.17 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2011.09.29 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Creative
[2012.02.01 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite
[2011.11.26 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Pro
[2011.10.22 10:36:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dell
[2011.09.05 16:17:19 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dell Touch Zone
[2011.09.26 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DocumentsToGoDesktop
[2012.11.15 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dropbox
[2012.04.24 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\dvdcss
[2012.03.05 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Fingertapps
[2011.09.05 16:16:54 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Identities
[2011.09.05 16:12:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Intel
[2012.03.05 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\iolo
[2011.09.11 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Kalypso Media
[2012.10.24 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LRTimelapse
[2011.08.31 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macromedia
[2011.09.08 23:44:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macrovision
[2012.10.18 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MAGIX
[2012.11.13 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2010.11.21 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Media Center Programs
[2012.08.03 11:59:08 | 000,000,000 | --SD | M] -- C:\Users\Dominik\AppData\Roaming\Microsoft
[2012.09.19 11:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Mozilla
[2011.10.19 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\NCH Software
[2011.09.05 16:55:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Nero
[2012.04.25 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\NVIDIA
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PACE Anti-Piracy
[2011.12.04 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PCDr
[2012.01.11 21:28:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Roxio
[2011.09.08 23:40:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Roxio Burn
[2012.11.10 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Skype
[2012.11.13 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spotify
[2012.03.12 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.11 13:25:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TeamViewer
[2012.09.27 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.09.21 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ubisoft
[2012.11.07 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\vlc
[2012.09.27 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Winamp
[2012.09.27 21:15:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WindSolutions
[2011.12.02 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WinRAR
[2011.09.22 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\XnView
 
< %appdata%\*.*  >
 
< %appdata%\*.exe /s >
[2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Dominik\AppData\Roaming\.minecraft\Minecraft Cracked.exe
[2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Dominik\AppData\Roaming\.minecraft\Minecraft Updater.exe
[2010.09.25 10:15:25 | 000,232,159 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\.minecraft\Minecraft.exe
[2012.01.17 11:54:24 | 000,290,837 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\.minecraft\Uninstall.exe
[2012.10.18 23:33:50 | 026,643,352 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.10.18 23:34:02 | 000,181,800 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.10.18 23:33:52 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2011.10.03 19:55:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Dominik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.03.12 10:31:25 | 000,010,134 | R--- | M] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2012.10.28 12:54:21 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Dominik\AppData\Roaming\Spotify\spotify.exe
[2012.10.28 12:54:21 | 000,117,208 | ---- | M] (Spotify Ltd) -- C:\Users\Dominik\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.10.28 12:54:21 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %localappdata%\*.  >
[2011.10.10 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\2K Games
[2012.07.31 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Adobe
[2011.09.05 16:12:20 | 000,000,000 | -HSD | M] -- C:\Users\Dominik\AppData\Local\Anwendungsdaten
[2011.09.05 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Apple
[2011.09.05 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Apple Computer
[2012.07.29 12:54:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Apps
[2011.10.22 10:39:50 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\ArcSoft
[2012.08.09 10:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\blekkotb_031
[2012.05.29 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\CRE
[2012.06.06 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Daniel_Espendiller
[2011.09.05 16:18:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Dell
[2011.12.05 00:54:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Dell Edoc Viewer
[2012.07.29 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Deployment
[2012.10.12 10:47:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Diagnostics
[2012.09.27 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Downloaded Installations
[2012.01.05 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\ElevatedDiagnostics
[2012.11.07 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\FLT
[2012.07.29 12:55:16 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Google
[2012.02.02 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\libimobiledevice
[2011.11.02 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Logitech
[2012.06.20 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Macromedia
[2012.09.27 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Macroplant_LLC
[2012.04.16 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Microsoft
[2012.10.17 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Microsoft Games
[2012.09.27 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Microsoft Help
[2011.09.05 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Mozilla
[2012.07.10 21:39:09 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Nero
[2011.09.05 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Nero_AG
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\PACE Anti-Piracy
[2011.09.12 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\SKIDROW
[2012.09.23 21:56:45 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Skyrim
[2011.09.16 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\SoftThinks
[2012.01.11 21:27:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Sonic_Solutions
[2012.11.13 14:09:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Spotify
[2012.11.15 13:24:43 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Temp
[2011.09.05 16:12:20 | 000,000,000 | -HSD | M] -- C:\Users\Dominik\AppData\Local\Temporary Internet Files
[2012.02.14 00:29:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Ubisoft Game Launcher
[2011.09.05 16:12:20 | 000,000,000 | -HSD | M] -- C:\Users\Dominik\AppData\Local\Verlauf
[2012.10.24 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\VirtualStore
[2012.03.05 23:33:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Western Digital
[2012.04.22 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Windows Live
[2011.10.19 21:16:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{0AA5C843-0ADD-4F8D-AB62-7C17C4C2D5F6}
[2011.10.19 22:14:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{5CAB2A37-7FB5-413E-AC6A-A4CF0F91D506}
[2011.10.19 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{825ACAB1-C09F-41E0-AEB1-8BC0F6963E47}
[2011.10.19 22:14:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{859BD203-B32A-4192-9B22-41B96C3DBD7F}
[2011.10.18 20:03:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{8CA54372-CC31-4294-A7A9-129A58E06CD2}
 
< %localappdata%\*.* >
[2012.07.30 19:57:16 | 000,015,872 | ---- | M] () -- C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.22 14:07:51 | 000,153,744 | ---- | M] () -- C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.15 13:10:24 | 005,080,426 | -H-- | M] () -- C:\Users\Dominik\AppData\Local\IconCache.db
[2012.10.28 13:41:47 | 000,007,606 | ---- | M] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
 
< %localappdata%\*.exe /s >
[2012.07.29 12:55:02 | 000,739,640 | ---- | M] (Google Inc.) -- C:\Users\Dominik\AppData\Local\Apps\2.0\0ZXY06XG.JC2\7BQ933LV.TEW\clic...exe_4fe91ede9f9bdca3_0001.0003_none_8152382b64d98ef8\GoogleUpdateSetup.exe
[2012.07.29 12:55:03 | 000,009,640 | ---- | M] () -- C:\Users\Dominik\AppData\Local\Apps\2.0\0ZXY06XG.JC2\7BQ933LV.TEW\goog...app_4fe91ede9f9bdca3_0001.0003_24c2cf8356e1ef51\clickonce_bootstrap.exe
[2012.07.29 12:55:02 | 000,739,640 | ---- | M] (Google Inc.) -- C:\Users\Dominik\AppData\Local\Apps\2.0\0ZXY06XG.JC2\7BQ933LV.TEW\goog...app_4fe91ede9f9bdca3_0001.0003_24c2cf8356e1ef51\GoogleUpdateSetup.exe
[2011.10.18 20:04:13 | 001,287,016 | ---- | M] (Microsoft Corporation) -- C:\Users\Dominik\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
 
< %allusersprofile%\*.  >
[2012.09.16 02:59:21 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.14 09:38:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012.06.29 15:41:14 | 000,000,000 | ---D | M] -- C:\ProgramData\ALM
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011.09.06 16:18:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011.09.05 19:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.10.22 10:39:56 | 000,000,000 | ---D | M] -- C:\ProgramData\ArcSoft
[2011.09.17 12:19:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012.02.09 23:44:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2012.09.27 20:29:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011.09.16 12:15:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Creative
[2012.09.21 00:20:52 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011.11.26 14:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2011.09.05 16:56:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.10.04 14:37:45 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011.10.04 14:37:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.09.17 12:49:26 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2012.03.25 18:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Freemake
[2012.03.21 17:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011.08.31 20:20:53 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2011.08.31 20:53:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2012.03.05 20:20:21 | 000,000,000 | ---D | M] -- C:\ProgramData\iolo
[2011.08.31 20:42:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2012.10.18 18:34:12 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012.11.13 00:00:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.11.15 12:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2011.12.04 23:19:48 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.10 20:28:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.05.02 10:18:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011.10.19 09:17:43 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Software
[2011.08.31 20:28:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2012.11.15 13:11:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2011.08.31 12:46:44 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2012.08.31 15:24:52 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2012.09.29 11:51:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2011.08.31 20:43:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoShow Shared Assets
[2012.07.31 16:59:24 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.01.11 21:28:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Roxio
[2012.09.14 07:44:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012.11.07 15:26:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2012.09.17 15:13:23 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedBit
[2012.09.24 22:16:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.08.31 20:03:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011.11.08 14:52:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2012.09.17 15:08:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.09.27 20:29:47 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011.10.19 13:57:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2012.02.09 23:15:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2011.08.31 20:44:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.09.27 21:14:06 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2012.09.27 20:46:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.09.27 20:46:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
 
< %allusersprofile%\*.* >
[2012.03.21 17:47:46 | 000,000,357 | ---- | M] () -- C:\ProgramData\hpzinstall.log
 
< %allusersprofile%\*.exe /s >
[2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
[2012.08.21 12:01:20 | 000,131,544 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\ReaderUpdater.exe
[2010.03.01 22:44:10 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\java-rmi.exe
[2010.03.01 22:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\java.exe
[2010.03.01 22:44:10 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\javacpl.exe
[2010.03.01 22:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\javaw.exe
[2010.03.01 22:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\javaws.exe
[2010.03.01 22:44:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jbroker.exe
[2010.03.01 22:44:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jp2launcher.exe
[2010.03.01 22:44:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jqs.exe
[2010.03.01 22:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jqsnotify.exe
[2010.03.01 22:44:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jucheck.exe
[2010.03.01 22:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jureg.exe
[2010.03.01 22:44:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jusched.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\keytool.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\kinit.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\klist.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\ktab.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\orbd.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\pack200.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\policytool.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\rmid.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\rmiregistry.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\servertool.exe
[2010.03.01 22:44:14 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\ssvagent.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\tnameserv.exe
[2010.03.01 22:44:14 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\unpack200.exe
[2012.09.16 02:51:21 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2011.11.17 10:46:21 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe
[2011.12.04 23:37:12 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe
[2012.03.18 12:51:03 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2008.09.26 15:19:04 | 001,021,216 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\agent.exe
[2007.03.20 21:25:36 | 000,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\dwusplay.exe
[2008.09.26 15:19:06 | 000,279,840 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISDM.exe
[2008.09.26 15:19:04 | 000,079,136 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\issch.exe
[2008.09.26 15:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
[2005.10.08 16:14:46 | 000,040,960 | ---- | M] (Magix AG) -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Default\fcdummy.exe
[2006.02.14 13:03:04 | 000,024,576 | ---- | M] (Magix AG) -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Default\Validation.exe
[2004.09.13 12:29:46 | 000,200,704 | ---- | M] () -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\DVD\WMV_DISC\licgen.exe
[1997.10.15 21:03:40 | 000,018,944 | ---- | M] () -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\DVD\WMV_DISC\components\shelexec.exe
[2003.11.04 17:20:34 | 000,006,144 | ---- | M] () -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\DVD\WMV_DISC\components\videowritetest.exe
[2010.03.31 13:05:54 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2010.03.24 10:51:52 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\DW20.EXE
[2010.03.24 10:51:58 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\dwtrig20.exe
[2010.03.31 13:06:10 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010.02.28 19:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\Office.exe
[2010.03.31 11:20:14 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2R.exe
[2010.03.31 11:20:14 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2ROLW.exe
[2012.03.01 01:02:00 | 000,190,272 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe
[1970.01.01 01:00:00 | 000,275,727 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\1F6\updatus.12851845_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,277,840 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\2EE\updatus.12913382_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,120,773 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\33020A60\drsupdate.12601159_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,278,431 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\372\updatus.12954220_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,278,923 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\446\updatus.13016988_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,280,340 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\4D3\updatus.13080168_RUNASUSER.exe
[2012.05.23 09:21:15 | 000,275,727 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000000\updatus.12851845_RUNASUSER.exe
[2012.05.23 09:21:20 | 000,278,431 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000174\updatus.12954220_RUNASUSER.exe
[2012.05.23 09:21:23 | 000,278,923 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000001be\updatus.13016988_RUNASUSER.exe
[2012.05.25 02:15:15 | 000,280,340 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000004c0\updatus.13080168_RUNASUSER.exe
[2012.05.25 02:15:32 | 000,342,213 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000548\drsupdate.13114128_RUNASUSER.exe
[2012.06.02 11:24:15 | 000,342,215 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000553\drsupdate.13143727_RUNASUSER.exe
[2012.06.06 14:32:40 | 000,281,412 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\0000061b\updatus.13187539_RUNASUSER.exe
[2012.06.13 09:58:52 | 000,281,537 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000713\updatus.13208639_RUNASUSER.exe
[2012.06.14 11:45:31 | 000,282,044 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\0000078b\updatus.13241915_RUNASUSER.exe
[2012.06.23 11:08:44 | 000,282,531 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\0000088e\updatus.13305313_RUNASUSER.exe
[2012.06.29 08:26:37 | 000,282,637 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000911\updatus.13346084_RUNASUSER.exe
[2012.08.17 22:29:42 | 000,023,160 | ---- | M] (PC-Doctor, Inc.) -- C:\ProgramData\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
[2010.11.20 00:33:08 | 003,892,720 | ---- | M] (Sonic Solutions) -- C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:862BDB1A
@Alternate Data Stream - 1229 bytes -> C:\Users\Dominik\AppData\Local\Temp:3xUX4AHIsT8ap4ATIFGH

< End of report >

--- --- ---

chicky · 15.11.2012, 13:39

Schritt 2:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.11.2012 13:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 78,39% Memory free
15,79 Gb Paging File | 13,96 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,54 Gb Total Space | 189,08 Gb Free Space | 32,79% Space Free | Partition Type: NTFS
Drive E: | 1,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dominik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe File not found
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB)
DRV:64bit: - (hcw10bda) -- C:\Windows\SysNative\drivers\hcw10bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw10cir) -- C:\Windows\SysNative\drivers\hcw10cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{AB026457-CA4C-44C8-B81B-A618322283F0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{AB026457-CA4C-44C8-B81B-A618322283F0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4260018220-910525052-71499366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: firefoxaddon@youtubeenhancer.com:1.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.03.23 00:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 19:19:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 21:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2012.09.19 11:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions
[2012.10.24 11:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\eyrtvfbr.default\extensions
[2012.09.19 11:58:55 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\eyrtvfbr.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.10.10 12:10:47 | 000,041,896 | ---- | M] () (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\eyrtvfbr.default\extensions\firefoxaddon@youtubeenhancer.com.xpi
[2012.09.19 11:59:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\eyrtvfbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 13:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 20:52:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 19:19:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.15 12:28:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120714211850.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120714211850.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe (MAGIX AG)
O4 - HKU\S-1-5-21-4260018220-910525052-71499366-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4260018220-910525052-71499366-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4260018220-910525052-71499366-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4260018220-910525052-71499366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F591FE4-6CD6-4EDE-A08D-60E553EC62B1}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F85EE4A-FCDA-4666-937F-A16D3B458CD6}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{785AC3F3-287C-4690-B3F9-200E649D29FD}: DhcpNameServer = 213.162.69.169 213.162.69.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AB88E46-306F-450D-B05A-5C6CC012606A}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.10 18:17:02 | 000,000,066 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Dominik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe - (Intel® Corporation)
MsConfig:64bit - StartUpReg: AccuWeatherWidget - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
MsConfig:64bit - StartUpReg: HFALoader - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: NeroLauncher - hkey= - key= - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe File not found
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe File not found
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 12:28:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.15 12:15:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.15 12:15:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.15 12:15:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.15 11:31:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.15 11:31:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.13 00:00:41 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2012.11.13 00:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.13 00:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.13 00:00:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.13 00:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.12 23:44:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.07 17:50:04 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\FLT
[2012.11.07 17:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Revolution
[2012.11.07 17:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Worms Revolution
[2012.10.26 22:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2012.10.25 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\Euro Truck Simulator 2
[2012.10.24 19:21:29 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\LRTimelapse
[2012.10.24 19:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LRTimelapse 2
[2012.10.24 19:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LRTimelapse 2
[2012.10.24 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.10.22 14:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.18 18:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.10.18 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERRATEC Electronic GmbH
[2012.10.18 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX Downloads
[2012.10.18 18:34:37 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\MAGIX
[2012.10.18 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX_Screenshare
[2012.10.18 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX_Online_Druck_Service
[2012.10.18 18:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.10.18 18:32:50 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2012.10.18 18:32:49 | 000,192,512 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2012.10.18 18:32:49 | 000,167,936 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2012.10.18 18:32:49 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2012.10.18 18:32:49 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2012.10.18 18:32:49 | 000,098,304 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2012.10.18 18:32:49 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2012.10.18 18:32:49 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2012.10.18 18:32:49 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2012.10.18 18:32:49 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2012.10.18 18:32:49 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2012.10.18 18:32:49 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2012.10.18 18:32:49 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2012.10.18 18:32:49 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2012.10.18 18:32:49 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2012.10.18 18:32:49 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2012.10.18 18:32:49 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2012.10.18 18:32:49 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2012.10.18 18:32:49 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2012.10.18 18:32:48 | 000,618,496 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2012.10.18 18:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.10.18 18:31:53 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\MAGIX_Filme_auf_DVD_7_TerraTec_Edition
[2012.10.18 18:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.10.18 18:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.10.18 18:30:17 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2012.10.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2012.10.17 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Documents\EasyRotatorWPContent
[2012.10.17 16:06:59 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2011.09.15 21:19:37 | 009,418,752 | ---- | C] (OpenTTD Development Team) -- C:\Users\Dominik\openttd.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 13:18:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 13:18:20 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 13:15:34 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.15 13:15:34 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.15 13:15:34 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.15 13:15:34 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.15 13:15:34 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.15 13:11:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 13:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 13:10:54 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 12:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 12:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 12:28:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.13 00:00:11 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 17:37:57 | 000,266,401 | ---- | M] () -- C:\Users\Dominik\Desktop\virus.jpg
[2012.10.28 13:41:47 | 000,007,606 | ---- | M] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
[2012.10.24 12:25:26 | 000,001,047 | ---- | M] () -- C:\Users\Dominik\Desktop\Dropbox.lnk
[2012.10.24 12:19:09 | 000,001,057 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.22 14:02:31 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.21 12:51:36 | 005,328,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.18 18:34:09 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.15 12:15:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.15 12:15:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.15 12:15:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.15 12:15:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.15 12:15:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.13 00:00:11 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 17:37:57 | 000,266,401 | ---- | C] () -- C:\Users\Dominik\Desktop\virus.jpg
[2012.10.24 12:25:26 | 000,001,047 | ---- | C] () -- C:\Users\Dominik\Desktop\Dropbox.lnk
[2012.10.24 12:19:09 | 000,001,057 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.22 14:02:31 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.18 18:32:49 | 000,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2012.10.18 18:30:40 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.10.18 18:30:17 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.21 17:42:32 | 000,146,774 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012.03.21 17:42:32 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2011.12.02 17:11:34 | 000,007,606 | ---- | C] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
[2011.10.18 19:32:43 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.10.18 19:32:43 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.18 19:32:34 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.10.18 19:31:49 | 000,005,072 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.09.19 10:35:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.19 10:35:52 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.09.19 10:35:52 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.16 12:16:58 | 000,015,872 | ---- | C] () -- C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.31 21:24:55 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.31 21:24:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 21:24:07 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 21:24:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 11:22:50 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.17 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\.minecraft
[2011.09.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ashampoo
[2012.11.12 02:33:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BitTorrent
[2012.02.09 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canon
[2011.09.29 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.27 15:32:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\CloneSpy
[2012.10.17 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2012.02.01 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite
[2011.11.26 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Pro
[2011.09.26 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DocumentsToGoDesktop
[2012.11.15 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dropbox
[2012.03.05 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Fingertapps
[2012.03.05 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\iolo
[2011.09.11 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Kalypso Media
[2012.10.24 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LRTimelapse
[2012.10.18 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MAGIX
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PACE Anti-Piracy
[2011.12.04 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PCDr
[2012.11.13 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spotify
[2012.03.12 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.11 13:25:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TeamViewer
[2012.09.27 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.09.21 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ubisoft
[2012.09.27 21:15:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WindSolutions
[2011.09.22 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.15 12:28:53 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.06.14 16:36:56 | 000,000,000 | ---D | M] -- C:\0244ccfc38fb8dc5ddfff7
[2011.08.31 20:44:55 | 000,000,000 | ---D | M] -- C:\apps
[2012.02.09 23:40:36 | 000,000,000 | ---D | M] -- C:\Canon-Drucker
[2012.09.27 21:04:36 | 000,000,000 | ---D | M] -- C:\Contacts
[2011.09.06 16:10:58 | 000,000,000 | ---D | M] -- C:\DELL
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.09 12:09:29 | 000,000,000 | ---D | M] -- C:\Dominik
[2011.08.31 21:25:31 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.09.05 16:56:37 | 000,000,000 | ---D | M] -- C:\FIND_EULA_PATH
[2011.10.18 19:46:17 | 000,000,000 | ---D | M] -- C:\IExp0.tmp
[2011.10.18 19:46:19 | 000,000,000 | ---D | M] -- C:\IExp1.tmp
[2012.09.27 21:04:36 | 000,000,000 | ---D | M] -- C:\iPod_Control
[2011.09.06 16:37:53 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.15 12:13:54 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.15 13:09:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.15 13:09:59 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.15 12:33:43 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.05 16:19:15 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2012.11.07 17:46:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.12 23:52:22 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.09.05 17:26:18 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.25 18:27:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.09 23:23:20 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.11.15 12:28:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.03.19 15:18:32 | 000,094,587 | ---- | M] () -- C:\2600.log
[2012.11.15 13:10:04 | 000,014,604 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.11.15 12:33:41 | 000,039,758 | ---- | M] () -- C:\ComboFix.txt
[2011.08.31 21:16:02 | 000,004,349 | RH-- | M] () -- C:\dell.sdr
[2011.08.31 20:06:01 | 000,001,159 | ---- | M] () -- C:\freefallprotection.log
[2012.11.15 13:10:54 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 08:21:03 | 000,000,080 | ---- | M] () -- C:\log.txt
[2012.11.15 13:10:58 | 4183,994,367 | -HS- | M] () -- C:\pagefile.sys
[2012.02.02 23:05:35 | 001,289,603 | ---- | M] () -- C:\s7b0.4
[2012.02.02 23:05:36 | 000,697,727 | ---- | M] () -- C:\s7b0.5
[2012.06.25 19:42:54 | 000,000,001 | ---- | M] () -- C:\s_pov.bin
[2012.11.12 23:43:07 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_12.11.2012_23.43.03_log.txt
[2012.11.12 23:47:44 | 000,450,172 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_12.11.2012_23.43.33_log.txt
[2012.11.13 00:38:55 | 000,602,428 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_12.11.2012_23.51.08_log.txt
[2012.06.29 08:03:17 | 000,001,145 | ---- | M] () -- C:\WirelessDiagLog.csv
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES(X86)%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
 
< %appdata%\*.  >
[2012.01.17 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\.minecraft
[2012.07.31 15:51:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Adobe
[2012.03.12 17:06:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Adobe Mini Bridge CS5.1
[2012.03.22 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Apple Computer
[2011.09.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ashampoo
[2012.11.12 02:33:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BitTorrent
[2012.02.09 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Canon
[2011.09.29 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.27 15:32:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\CloneSpy
[2012.10.17 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard
[2011.09.29 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Creative
[2012.02.01 13:08:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite
[2011.11.26 15:04:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Pro
[2011.10.22 10:36:51 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dell
[2011.09.05 16:17:19 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dell Touch Zone
[2011.09.26 17:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DocumentsToGoDesktop
[2012.11.15 13:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dropbox
[2012.04.24 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\dvdcss
[2012.03.05 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Fingertapps
[2011.09.05 16:16:54 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Identities
[2011.09.05 16:12:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Intel
[2012.03.05 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\iolo
[2011.09.11 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Kalypso Media
[2012.10.24 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\LRTimelapse
[2011.08.31 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macromedia
[2011.09.08 23:44:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macrovision
[2012.10.18 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MAGIX
[2012.11.13 00:00:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes
[2010.11.21 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Media Center Programs
[2012.08.03 11:59:08 | 000,000,000 | --SD | M] -- C:\Users\Dominik\AppData\Roaming\Microsoft
[2012.09.19 11:16:50 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Mozilla
[2011.10.19 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\NCH Software
[2011.09.05 16:55:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Nero
[2012.04.25 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\NVIDIA
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PACE Anti-Piracy
[2011.12.04 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\PCDr
[2012.01.11 21:28:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Roxio
[2011.09.08 23:40:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Roxio Burn
[2012.11.10 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Skype
[2012.11.13 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spotify
[2012.03.12 10:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.05.11 13:25:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TeamViewer
[2012.09.27 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TuneUp Software
[2012.09.21 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Ubisoft
[2012.11.07 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\vlc
[2012.09.27 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Winamp
[2012.09.27 21:15:59 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WindSolutions
[2011.12.02 16:02:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\WinRAR
[2011.09.22 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\XnView
 
< %appdata%\*.*  >
 
< %appdata%\*.exe /s >
[2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Dominik\AppData\Roaming\.minecraft\Minecraft Cracked.exe
[2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Dominik\AppData\Roaming\.minecraft\Minecraft Updater.exe
[2010.09.25 10:15:25 | 000,232,159 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\.minecraft\Minecraft.exe
[2012.01.17 11:54:24 | 000,290,837 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\.minecraft\Uninstall.exe
[2012.10.18 23:33:50 | 026,643,352 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.10.18 23:34:02 | 000,181,800 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.10.18 23:33:52 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dominik\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2011.10.03 19:55:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Dominik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.03.12 10:31:25 | 000,010,134 | R--- | M] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2012.10.28 12:54:21 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Dominik\AppData\Roaming\Spotify\spotify.exe
[2012.10.28 12:54:21 | 000,117,208 | ---- | M] (Spotify Ltd) -- C:\Users\Dominik\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.10.28 12:54:21 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Dominik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %localappdata%\*.  >
[2011.10.10 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\2K Games
[2012.07.31 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Adobe
[2011.09.05 16:12:20 | 000,000,000 | -HSD | M] -- C:\Users\Dominik\AppData\Local\Anwendungsdaten
[2011.09.05 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Apple
[2011.09.05 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Apple Computer
[2012.07.29 12:54:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Apps
[2011.10.22 10:39:50 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\ArcSoft
[2012.08.09 10:35:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\blekkotb_031
[2012.05.29 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\CRE
[2012.06.06 14:53:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Daniel_Espendiller
[2011.09.05 16:18:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Dell
[2011.12.05 00:54:20 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Dell Edoc Viewer
[2012.07.29 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Deployment
[2012.10.12 10:47:12 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Diagnostics
[2012.09.27 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Downloaded Installations
[2012.01.05 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\ElevatedDiagnostics
[2012.11.07 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\FLT
[2012.07.29 12:55:16 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Google
[2012.02.02 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\libimobiledevice
[2011.11.02 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Logitech
[2012.06.20 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Macromedia
[2012.09.27 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Macroplant_LLC
[2012.04.16 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Microsoft
[2012.10.17 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Microsoft Games
[2012.09.27 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Microsoft Help
[2011.09.05 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Mozilla
[2012.07.10 21:39:09 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Nero
[2011.09.05 20:56:06 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Nero_AG
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\PACE Anti-Piracy
[2011.09.12 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\SKIDROW
[2012.09.23 21:56:45 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Skyrim
[2011.09.16 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\SoftThinks
[2012.01.11 21:27:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Sonic_Solutions
[2012.11.13 14:09:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Spotify
[2012.11.15 13:24:43 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Temp
[2011.09.05 16:12:20 | 000,000,000 | -HSD | M] -- C:\Users\Dominik\AppData\Local\Temporary Internet Files
[2012.02.14 00:29:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Ubisoft Game Launcher
[2011.09.05 16:12:20 | 000,000,000 | -HSD | M] -- C:\Users\Dominik\AppData\Local\Verlauf
[2012.10.24 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\VirtualStore
[2012.03.05 23:33:07 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Western Digital
[2012.04.22 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\Windows Live
[2011.10.19 21:16:18 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{0AA5C843-0ADD-4F8D-AB62-7C17C4C2D5F6}
[2011.10.19 22:14:01 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{5CAB2A37-7FB5-413E-AC6A-A4CF0F91D506}
[2011.10.19 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{825ACAB1-C09F-41E0-AEB1-8BC0F6963E47}
[2011.10.19 22:14:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{859BD203-B32A-4192-9B22-41B96C3DBD7F}
[2011.10.18 20:03:41 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Local\{8CA54372-CC31-4294-A7A9-129A58E06CD2}
 
< %localappdata%\*.* >
[2012.07.30 19:57:16 | 000,015,872 | ---- | M] () -- C:\Users\Dominik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.22 14:07:51 | 000,153,744 | ---- | M] () -- C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.15 13:10:24 | 005,080,426 | -H-- | M] () -- C:\Users\Dominik\AppData\Local\IconCache.db
[2012.10.28 13:41:47 | 000,007,606 | ---- | M] () -- C:\Users\Dominik\AppData\Local\resmon.resmoncfg
 
< %localappdata%\*.exe /s >
[2012.07.29 12:55:02 | 000,739,640 | ---- | M] (Google Inc.) -- C:\Users\Dominik\AppData\Local\Apps\2.0\0ZXY06XG.JC2\7BQ933LV.TEW\clic...exe_4fe91ede9f9bdca3_0001.0003_none_8152382b64d98ef8\GoogleUpdateSetup.exe
[2012.07.29 12:55:03 | 000,009,640 | ---- | M] () -- C:\Users\Dominik\AppData\Local\Apps\2.0\0ZXY06XG.JC2\7BQ933LV.TEW\goog...app_4fe91ede9f9bdca3_0001.0003_24c2cf8356e1ef51\clickonce_bootstrap.exe
[2012.07.29 12:55:02 | 000,739,640 | ---- | M] (Google Inc.) -- C:\Users\Dominik\AppData\Local\Apps\2.0\0ZXY06XG.JC2\7BQ933LV.TEW\goog...app_4fe91ede9f9bdca3_0001.0003_24c2cf8356e1ef51\GoogleUpdateSetup.exe
[2011.10.18 20:04:13 | 001,287,016 | ---- | M] (Microsoft Corporation) -- C:\Users\Dominik\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
 
< %allusersprofile%\*.  >
[2012.09.16 02:59:21 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.14 09:38:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012.06.29 15:41:14 | 000,000,000 | ---D | M] -- C:\ProgramData\ALM
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011.09.06 16:18:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011.09.05 19:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.10.22 10:39:56 | 000,000,000 | ---D | M] -- C:\ProgramData\ArcSoft
[2011.09.17 12:19:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012.02.09 23:44:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2012.09.27 20:29:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011.09.16 12:15:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Creative
[2012.09.21 00:20:52 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011.11.26 14:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2011.09.05 16:56:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.10.04 14:37:45 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011.10.04 14:37:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.09.17 12:49:26 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2012.03.25 18:05:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Freemake
[2012.03.21 17:42:30 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011.08.31 20:20:53 | 000,000,000 | ---D | M] -- C:\ProgramData\install_clap
[2011.08.31 20:53:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2012.03.05 20:20:21 | 000,000,000 | ---D | M] -- C:\ProgramData\iolo
[2011.08.31 20:42:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2012.10.18 18:34:12 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012.11.13 00:00:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.11.15 12:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2011.12.04 23:19:48 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.10.10 20:28:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.05.02 10:18:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011.10.19 09:17:43 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Software
[2011.08.31 20:28:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2012.11.15 13:11:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2011.08.31 12:46:44 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2012.03.12 10:40:14 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2012.08.31 15:24:52 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2012.09.29 11:51:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2011.08.31 20:43:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoShow Shared Assets
[2012.07.31 16:59:24 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.01.11 21:28:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Roxio
[2012.09.14 07:44:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012.11.07 15:26:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2012.09.17 15:13:23 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedBit
[2012.09.24 22:16:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.08.31 20:03:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011.11.08 14:52:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2012.09.17 15:08:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.09.27 20:29:47 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011.10.19 13:57:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2012.02.09 23:15:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2011.08.31 20:44:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2011.09.05 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.09.27 21:14:06 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2012.09.27 20:46:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.09.27 20:46:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
 
< %allusersprofile%\*.* >
[2012.03.21 17:47:46 | 000,000,357 | ---- | M] () -- C:\ProgramData\hpzinstall.log
 
< %allusersprofile%\*.exe /s >
[2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
[2012.08.21 12:01:20 | 000,131,544 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\14304\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\19966\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\5726\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\9201\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\967\ReaderUpdater.exe
[2010.03.01 22:44:10 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\java-rmi.exe
[2010.03.01 22:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\java.exe
[2010.03.01 22:44:10 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\javacpl.exe
[2010.03.01 22:44:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\javaw.exe
[2010.03.01 22:44:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\javaws.exe
[2010.03.01 22:44:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jbroker.exe
[2010.03.01 22:44:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jp2launcher.exe
[2010.03.01 22:44:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jqs.exe
[2010.03.01 22:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jqsnotify.exe
[2010.03.01 22:44:12 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jucheck.exe
[2010.03.01 22:44:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jureg.exe
[2010.03.01 22:44:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\jusched.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\keytool.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\kinit.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\klist.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\ktab.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\orbd.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\pack200.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\policytool.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\rmid.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\rmiregistry.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\servertool.exe
[2010.03.01 22:44:14 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\ssvagent.exe
[2010.03.01 22:44:14 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\tnameserv.exe
[2010.03.01 22:44:14 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\Adobe\CS5\jre\bin\unpack200.exe
[2012.09.16 02:51:21 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2011.11.17 10:46:21 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe
[2011.12.04 23:37:12 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe
[2012.03.18 12:51:03 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2008.09.26 15:19:04 | 001,021,216 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\agent.exe
[2007.03.20 21:25:36 | 000,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\dwusplay.exe
[2008.09.26 15:19:06 | 000,279,840 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISDM.exe
[2008.09.26 15:19:04 | 000,079,136 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\issch.exe
[2008.09.26 15:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
[2005.10.08 16:14:46 | 000,040,960 | ---- | M] (Magix AG) -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Default\fcdummy.exe
[2006.02.14 13:03:04 | 000,024,576 | ---- | M] (Magix AG) -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Default\Validation.exe
[2004.09.13 12:29:46 | 000,200,704 | ---- | M] () -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\DVD\WMV_DISC\licgen.exe
[1997.10.15 21:03:40 | 000,018,944 | ---- | M] () -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\DVD\WMV_DISC\components\shelexec.exe
[2003.11.04 17:20:34 | 000,006,144 | ---- | M] () -- C:\ProgramData\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\DVD\WMV_DISC\components\videowritetest.exe
[2010.03.31 13:05:54 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2010.03.24 10:51:52 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\DW20.EXE
[2010.03.24 10:51:58 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\dwtrig20.exe
[2010.03.31 13:06:10 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010.02.28 19:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\Office.exe
[2010.03.31 11:20:14 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2R.exe
[2010.03.31 11:20:14 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2ROLW.exe
[2012.03.01 01:02:00 | 000,190,272 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe
[1970.01.01 01:00:00 | 000,275,727 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\1F6\updatus.12851845_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,277,840 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\2EE\updatus.12913382_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,120,773 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\33020A60\drsupdate.12601159_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,278,431 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\372\updatus.12954220_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,278,923 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\446\updatus.13016988_RUNASUSER.exe
[1970.01.01 01:00:00 | 000,280,340 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\4D3\updatus.13080168_RUNASUSER.exe
[2012.05.23 09:21:15 | 000,275,727 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000000\updatus.12851845_RUNASUSER.exe
[2012.05.23 09:21:20 | 000,278,431 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000174\updatus.12954220_RUNASUSER.exe
[2012.05.23 09:21:23 | 000,278,923 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000001be\updatus.13016988_RUNASUSER.exe
[2012.05.25 02:15:15 | 000,280,340 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\000004c0\updatus.13080168_RUNASUSER.exe
[2012.05.25 02:15:32 | 000,342,213 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000548\drsupdate.13114128_RUNASUSER.exe
[2012.06.02 11:24:15 | 000,342,215 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000553\drsupdate.13143727_RUNASUSER.exe
[2012.06.06 14:32:40 | 000,281,412 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\0000061b\updatus.13187539_RUNASUSER.exe
[2012.06.13 09:58:52 | 000,281,537 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000713\updatus.13208639_RUNASUSER.exe
[2012.06.14 11:45:31 | 000,282,044 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\0000078b\updatus.13241915_RUNASUSER.exe
[2012.06.23 11:08:44 | 000,282,531 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\0000088e\updatus.13305313_RUNASUSER.exe
[2012.06.29 08:26:37 | 000,282,637 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Packages\00000911\updatus.13346084_RUNASUSER.exe
[2012.08.17 22:29:42 | 000,023,160 | ---- | M] (PC-Doctor, Inc.) -- C:\ProgramData\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
[2010.11.20 00:33:08 | 003,892,720 | ---- | M] (Sonic Solutions) -- C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:862BDB1A
@Alternate Data Stream - 1229 bytes -> C:\Users\Dominik\AppData\Local\Temp:3xUX4AHIsT8ap4ATIFGH

< End of report >

--- --- ---

chicky · 15.11.2012, 13:40

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 15.11.2012 13:17:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 78,39% Memory free
15,79 Gb Paging File | 13,96 Gb Available in Paging File | 88,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576,54 Gb Total Space | 189,08 Gb Free Space | 32,79% Space Free | Partition Type: NTFS
Drive E: | 1,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DOMINIK-PC | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4260018220-910525052-71499366-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26B62A7B-3F77-421E-B31F-EB2538571872}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA86AEF3-F5E5-4B3A-B81C-0E52066EC154}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4621E19A-7D12-41ED-B04A-EA561CA84957}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7595129-62CF-41D8-9469-BB8496AE32FC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{2BC779ED-DA02-4B4A-992A-F38729115A5B}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{55EC71BD-A49F-46C8-9298-2AF623695459}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B916B7C0-E792-45DE-8FCB-BF74B9456B4C}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"UDP Query User{606A9EED-B81A-46E2-A4EC-91980E84AD61}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6199E68F-9C52-4F9B-B965-1E5F71F2B2F6}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{95E440C9-512C-47EA-9FF6-C7CC169FB849}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D5CE83C-BFDD-4668-8BCB-E8614334A657}" = Adobe Photoshop Lightroom 3.4 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0812DA72EAD4FBFA883430ED6EC04AC1F88DBBAD" = Windows-Treiberpaket - TERRATEC (emAudio) Media  (03/16/2010 5.09.1202.00)
"22B1739EAEA711117281C678C9005F17A0D9D420" = Windows-Treiberpaket - TERRATEC  (USB28xxBGA) Media  (03/16/2010 5.09.1202.00)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}" = Dell Stage Remote
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75369494-59BC-4B39-9134-D85EE17F9E76}" = LRTimelapse 2
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90CA4931-4A1F-4D30-A60B-C2BBFD53D30F}" = Grabby Driver Installation (64 Bit)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB152608-B0D3-46AF-A6D0-F34DD1C3F8ED}_is1" = iReceiver 1.6.3
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E82097B9-A3B8-404A-9A92-AC16A8AC9576}" = Adobe After Effects CS5.5
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD v.2.21
"ASIO4ALL" = ASIO4ALL
"BitTorrent" = BitTorrent
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneSpy" = CloneSpy 2.62
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"DTGDesktop" = Documents To Go Desktop for iPhone
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FL Studio 10" = FL Studio 10
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.STANDARD" = Microsoft Office Standard 2010
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.1.3
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Worms Revolution_is1" = Worms Revolution
"XnView_is1" = XnView 1.98.2
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4260018220-910525052-71499366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.10.2012 11:36:28 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.10.2012 11:23:10 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pcdrsysinfoperipheral.p5x, Version:
 6.0.6032.47, Zeitstempel: 0x502eb3c6  Name des fehlerhaften Moduls: SynTPAPI.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4d0aed00  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x0000000063020350  ID des fehlerhaften Prozesses: 0x10b4  Startzeit der fehlerhaften
 Anwendung: 0x01cda0b1cf8ed074  Pfad der fehlerhaften Anwendung: C:\Program Files\Dell
 Support Center\pcdrsysinfoperipheral.p5x  Pfad des fehlerhaften Moduls: SynTPAPI.dll
Berichtskennung:
 12c2d337-0ca5-11e2-90d9-028037ec0200
 
Error - 10.10.2012 11:07:46 | Computer Name = Dominik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f9c5  Name des fehlerhaften Moduls: xul.dll, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f93b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010e567  ID des fehlerhaften
 Prozesses: 0x19cc  Startzeit der fehlerhaften Anwendung: 0x01cda6d8c219846f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 3f0a86e8-12ec-11e2-90d9-028037ec0200
 
Error - 10.10.2012 15:21:16 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.10.2012 15:33:37 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.10.2012 03:39:33 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2012 14:59:02 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.10.2012 06:21:44 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.10.2012 06:59:09 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2012 11:40:05 | Computer Name = Dominik-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "EasyRotator" konnte nicht heruntergefahren
 werden.
 
Error - 18.10.2012 02:46:16 | Computer Name = Dominik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.05.2012 13:21:32 | Computer Name = Dominik-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.05.2012 13:21:32 | Computer Name = Dominik-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.05.2012 13:21:33 | Computer Name = Dominik-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.05.2012 13:21:33 | Computer Name = Dominik-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 21.05.2012 13:21:37 | Computer Name = Dominik-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "FLORA NO 1" den Befehl "chkdsk" aus.
 
Error - 22.05.2012 00:14:05 | Computer Name = Dominik-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 0.0.0.0 mit dem
 Computer mit der  Netzwerkhardwareadresse 00-00-00-00-00-00 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 23.05.2012 03:55:05 | Computer Name = Dominik-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 23.05.2012 03:55:05 | Computer Name = Dominik-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 23.05.2012 04:26:54 | Computer Name = Dominik-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 23.05.2012 04:26:54 | Computer Name = Dominik-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Hauppauge CIR Receiver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
 
< End of report >

--- --- ---

ryder · 15.11.2012, 14:36

Gut, ein paar Reste noch, dann ist es geschafft.

Schritt 1:
Fix mit OTL

Zitat:

Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.

Starte bitte die OTL.exe.

Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:862BDB1A
@Alternate Data Stream - 1229 bytes -> C:\Users\Dominik\AppData\Local\Temp:3xUX4AHIsT8ap4ATIFGH


:commands
[Emptytemp]
         
Schliesse bitte nun alle Programme.

Klicke nun bitte auf den Fix Button.

OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.

Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)

Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

Schritt 2:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung

Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.

Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.

Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.

Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.

Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3:
ESET Online Scanner

Zitat:

Wichtig:
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten!
Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Bitte hier klicken --->
Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden, installieren und starten.

IE-User müssen das Installieren eines ActiveX Elements erlauben.

Setze den einen Haken bei Yes, i accept the Terms of Use/Ja, ich stimme ... zu und drücke den Button.

Warte bis die Komponenten herunter geladen wurden.

Setze einen Haken bei "Scan archives/Archive prüfen" und entferne den Haken bei Remove Found Threads/Entdeckte Bedrohungen entfernen.

drücken. Die Signaturen werden herunter geladen und der Scan beginnt automatisch und kann sehr lange dauern!

Wenn der Scan beendet wurde
Klicke und dann

Speichere das Logfile als ESET.txt auf dem Desktop.

Klicke Back und Finish

Bitte poste die ESET.txt hier oder teile mir mit, dass nichts gefunden wurde.

Schritt 4:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck
Speichere es auf dem Desktop.

Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

chicky · 15.11.2012, 15:44

All processes killed
========== OTL ==========
C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L folder moved successfully.
C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U folder moved successfully.
ADS C:\ProgramData\Temp:862BDB1A deleted successfully.
ADS C:\Users\Dominik\AppData\Local\Temp:3xUX4AHIsT8ap4ATIFGH deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dominik
->Temp folder emptied: 36199 bytes
->Temporary Internet Files folder emptied: 7733671 bytes
->Java cache emptied: 8406895 bytes
->FireFox cache emptied: 70919822 bytes
->Flash cache emptied: 71435 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2056 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11152012_154139

Files\Folders moved on Reboot...
C:\Users\Dominik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK-PC [Administrator]

Schutz: Deaktiviert

15.11.2012 15:48:48
mbam-log-2012-11-15 (15-48-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229293
Laufzeit: 2 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

C:\Dominik\SPIELE\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso Win32/Packed.VMProtect.D trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan
C:\Users\Dominik\Downloads\_Programme\Unlocker1.9.1-x64.exe Win32/Adware.ADON application

und zu guter letzt:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CloneSpy 2.62
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Übrigens der ESET-Online Scanner hat 8:46:27 gedauert. ich hatte also mehrere Kaffees

ryder · 16.11.2012, 16:20

Prima!

Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich.
Hinweis: Solltest du Defogger benutzt haben, kannst du jetzt re-enable drücken.

Schritt 1:
Systemwiederherstellungspunkte löschen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:Commands
[CLEARALLRESTOREPOINTS]
         
Schliesse bitte nun alle Programme.

Klicke nun bitte auf den Fix Button.

OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.

Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)

Kopiere nun den Inhalt hier in Deinen Thread.

Schritt 2:
Toolbereinigung mit OTL

Starte bitte OTL und klicke auf Bereinigung.

Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben.

Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Schritt 3:
AdwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Uninstall.

Bestätige mit Ja.

Schritt 4:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
ATTFilter
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         

Schritt 5:
Java Update (Windows XP, Vista, 7)

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Downloade dir bitte die neueste Java-Version und speichere die jxpiinstall.exe

Schließe alle laufenden Programme. Speziell deinen Browser.

Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 9) herunter laden.

Während der Installation entferne den Haken bei:

Wenn die Installation beendet wurde:
Start > Systemsteuerung > Programme und deinstalliere alle älteren Java Versionen, falls vorhanden, und starte deinen Rechner neu.

Nach dem Neustart:
Öffne erneut die Systemsteuerung > Programme und klicke auf das Java Symbol.

Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.

Klicke auf Dateien löschen...

Gehe sicher, dass überall ein Haken gesetzt ist und klicke zweimal OK.

Abschließend noch Tipps zu folgenden Themen:

Systemupdates

Softwareupdates

Sicherheitssoftware

Sicheres Surfen

Zitat:

Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:

Windows Updates
Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates

Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Gehe sicher das die automatischen Updates aktiviert sind.

Zitat:

Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Adobe Reader (Adobe - Adobe Reader herunterladen - Alle Versionen => Kein Haken bei "Ja, McAfee ...")

Flash Plugin (Adobe - Adobe Flash Player installieren => Kein Haken bei "Ja, McAfee ...")

Java (Download der kostenlosen Java-Software -> Kein Haken für die ASK-Toolbar während der Installation)

Dein Browser inklusive aller Add-Ons. Das Trojaner-Board bietet dir auch einen Browser-Check.

Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:
Secunia Online Software

FileHippo-Update-Checker

Zitat:

Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.

Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.

Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).

Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.

Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.

Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor!

Zitat:

Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.

Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.

Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.

Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.

Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.

Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)

Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Firefox, Opera, Chrome, ...

... mehr findest du auf Microsofts eigener Browserauswahlwebseite.

Damit wünsche ich dir noch viel Spaß beim Surfen im Internet

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

chicky · 16.11.2012, 16:35

Schritt1: OTL

========== COMMANDS ==========
System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 11162012_163523

Java updater meldet meine java sei "corruopt" und bricht aktualisierung ab???

15.11.2012, 11:35	#6
ryder /// TB-Ausbilder	Leidiger ZeroAccess Keine Ahnung Habs noch nie benutzt - notfalls deinstallieren. __________________ --> Leidiger ZeroAccess

Leidiger ZeroAccess

Plagegeister aller Art und deren Bekämpfung: Leidiger ZeroAccess