kann nicht downloden...Downlods werden abgebrochen>>erscheint Systemfehler u boote neu

Mama · 04.01.2013, 22:26

Hilfe ich werde ausgeschaltet...

ich kann nicht mehr downloaden...jeder Download wird abgebrochen und es erscheint der Hinweis...Systemfehler, sie müssen neu Booten...Neustart ja oder Nein. Avira hat nix gefunden, aber vielleicht hat sich ja doch einer bei mir eingenistet.
Hab hier schon etwas umhergelesen und den tollen Beitarg von "Cosinus" gelesen, mit dem OTL-Qick Scan hab ich schon alles durchgerappelt und den OTL-Text aus dem Editor kopiert...
Nur in welchen Thread soll ich das einfügen und wie gehts dann weiter???
Für ein schnelle Hilfe wär ich sehr dankbar...

ryder · 04.01.2013, 23:58

Tag Maaaama

Wir helfen dir keine Sorge ...

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort) und zwar gesammelt, wenn du alles erledigt hast, in einer Antwort.

Nur Scanns durchführen zu denen Du aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor anklicken). Nicht anhängen oder zippen, außer ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Beim ersten Anzeichen illegal genutzer Software (Cracks, Patches und Co) wird der Support ohne Diskussion eingestellt.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Gelesen und verstanden?

OTL logfile hier posten wir schauen es uns an, am Besten so:

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Mama · 05.01.2013, 11:47

[CODE][OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.01.2013 20:50:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,41% Memory free
7,93 Gb Paging File | 5,99 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,36 Gb Total Space | 189,51 Gb Free Space | 66,41% Space Free | Partition Type: NTFS
Drive D: | 12,53 Gb Total Space | 2,10 Gb Free Space | 16,74% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mama\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SearchAnonymizer) -- C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (smsbda) -- C:\Windows\SysNative\drivers\smsbda.sys (Siano)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=4177457690404193&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={570AF300-550E-11E2-A4FC-00269EA34C97}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=06ab7950000000000000904ce52d3420&tlver=1.4.19.14&affID=17163
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=4177457690404193&q={searchTerms}
IE - HKLM\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
IE - HKLM\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={570AF300-550E-11E2-A4FC-00269EA34C97}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT3241949
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes,DefaultScope = {54990008-235C-403E-8846-4DC8F9578B5F}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2665693D7B696E707574456E636F64696E677D2666723D63622D6870303626747970653D696532303038&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F3F6261627372633D53505F737326713D7B7365617263685465726D737D266D6E747249643D303661623739353030303030303030303030303039303463653532643334323026746C7665723D312E342E31392E31342661666649443D3137313633&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{2ADB7492-1456-4C3D-A79A-60EB53404889}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{54990008-235C-403E-8846-4DC8F9578B5F}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_de
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{8D405BD7-0BC9-45F4-9CD3-1D7FE3F13026}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{967EE377-F13F-412A-80EE-92C05C8018E8}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=4177457690404193&q={searchTerms}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313134352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E6E626965372D64652D6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_ie_us_display?ie=UTF8&tag=bds-p18-serp-us-ie-20&tagbase=bds-p18&tbrId=v1_abb-channel-18_336c9aaff51d4215acac18279ea9f472_18_38_20121231_US_ie_ds_OC1&query={searchTerms}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{C915FFD6-B226-4BDB-AC52-F536D37FB6B0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.Incredibar.com/?search={searchTerms}&loc=Games_DS&a=1eyoNjKTxFd&i=38
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{D6221C99-750E-4F35-9F85-30282D1B0EC2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bf98f514-28c8-4650-a2bf-44135fdcb58b&apn_sauid=B93DB9CB-5D72-40FB-901C-B753CC53D604
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{DDE05742-13B4-4D6A-8B68-7E1737386738}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{EDEC6F50-FF5C-40F0-936B-508105AEF98A}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={570AF300-550E-11E2-A4FC-00269EA34C97}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.01.04 19:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.03 23:18:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.01 21:55:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.17 12:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.01 21:26:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 13:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 08:50:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.04 18:40:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.05.07 19:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.07.31 17:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.01 09:12:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 19:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.30 23:55:12 | 000,002,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.12.29 23:05:22 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
CHR - homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Incredibar-Games EN = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm\2.3.16.7_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Amazon f\u00FCr Chrome = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.275_0\
CHR - Extension: Incredibar-Games EN = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm\2.3.16.7_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Amazon f\u00FCr Chrome = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.275_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TotalMediaTVMonitor] C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000  File not found
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001..\Run: [GoogleChromeAutoLaunch_2A21C23C669AC3D64924D1229AADD79B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6931C25-FFF0-426B-B73A-2030DB27EFCF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3f86a9c8-0d09-11df-a7a8-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{3f86a9c8-0d09-11df-a7a8-00269ea34c97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7db69e1f-049e-11e2-83f6-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{7db69e1f-049e-11e2-83f6-00269ea34c97}\Shell\AutoRun\command - "" = F:\ting.exe
O33 - MountPoints2\{7db69e34-049e-11e2-83f6-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{7db69e34-049e-11e2-83f6-00269ea34c97}\Shell\AutoRun\command - "" = F:\ting.exe
O33 - MountPoints2\{d4e35fde-e843-11df-b22c-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{d4e35fde-e843-11df-b22c-00269ea34c97}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.01.03 23:02:58 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radiotracker USB 6
[2013.01.03 23:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2013.01.03 22:53:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\RapidSolution
[2013.01.02 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeGUI
[2013.01.02 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.01.02 21:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.01.02 21:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.01.02 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.01.02 19:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2013.01.02 19:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013.01.02 19:57:47 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Mama\Desktop\revo-uninstaller.exe
[2013.01.02 19:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.31 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\HandBrake
[2012.12.31 21:35:11 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Babylon
[2012.12.31 21:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.30 23:55:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.12.30 23:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\FormatFactory
[2012.12.30 23:05:23 | 000,000,000 | ---D | C] -- C:\FFOutput
[2012.12.30 22:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.12.30 21:48:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Broad Intelligence
[2012.12.30 21:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCoder
[2012.12.30 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\systweak
[2012.12.30 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2012.12.30 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.12.30 00:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.12.30 00:15:06 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\PC_Drivers_Headquarters
[2012.12.30 00:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2012.12.30 00:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Whiz
[2012.12.29 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\FreeCDRipper
[2012.12.29 23:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.12.29 23:05:35 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2012.12.29 23:05:35 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2012.12.29 23:05:35 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2012.12.29 23:05:35 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2012.12.29 23:05:35 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2012.12.29 23:05:35 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2012.12.29 23:05:35 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2012.12.29 23:05:35 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2012.12.29 23:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\FreeAudioPack
[2012.12.29 23:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.12.29 23:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2012.12.29 20:59:56 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.12.29 20:59:56 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.12.29 20:33:12 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\VisualBeeExe
[2012.12.29 20:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2012.12.29 20:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.12.29 20:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.12.29 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.29 20:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\OpenCandy
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.29 20:29:20 | 023,268,496 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Mama\Desktop\FreeYouTubeDownload3-1-42-12-12.exe
[2012.12.29 20:14:07 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.29 20:14:06 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.12.29 20:14:06 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.29 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\TuneUp Software
[2012.12.29 20:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.29 20:13:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.29 20:13:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.29 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\4Free
[2012.12.29 20:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Free Video Converter
[2012.12.28 22:28:47 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\NVIDIA
[2012.12.28 22:28:44 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MOVAVI
[2012.12.28 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Kinderfilme
[2012.12.18 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Avira
[2012.12.18 14:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.18 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\APN
[2012.12.18 14:24:08 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 14:24:08 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 14:24:07 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.12.18 14:24:07 | 000,114,168 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.12.18 14:24:07 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 14:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.07 22:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.12.07 22:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.12.07 21:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 20:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 20:25:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.01.04 20:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.04 20:11:01 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 20:11:01 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 20:03:08 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 20:03:07 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.01.04 20:02:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 20:02:50 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 19:38:04 | 000,001,264 | ---- | M] () -- C:\Users\Mama\Desktop\Revo Uninstaller.lnk
[2013.01.04 18:37:09 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMama.job
[2013.01.03 23:09:40 | 000,000,112 | ---- | M] () -- C:\Windows\Podcasts.INI
[2013.01.03 23:02:59 | 000,001,567 | ---- | M] () -- C:\Users\Mama\Desktop\Radiotracker 6 USB.lnk
[2013.01.03 22:54:51 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.03 22:54:51 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.03 22:54:51 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.03 22:54:51 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.03 22:54:51 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.03 21:46:28 | 000,002,036 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013.01.02 21:38:18 | 000,001,890 | ---- | M] () -- C:\Users\Mama\Desktop\IrfanView Thumbnails.lnk
[2013.01.02 21:38:18 | 000,001,002 | ---- | M] () -- C:\Users\Mama\Desktop\IrfanView.lnk
[2013.01.02 19:57:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Mama\Desktop\revo-uninstaller.exe
[2012.12.31 22:03:13 | 000,002,271 | ---- | M] () -- C:\Users\Mama\Desktop\Free AVI Video Converter.lnk
[2012.12.31 21:52:53 | 000,076,493 | ---- | M] () -- C:\Users\Mama\Documents\tmp_cover389.jpg
[2012.12.31 21:46:17 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Converter.lnk
[2012.12.31 21:46:17 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.31 14:10:47 | 000,370,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.29 23:56:26 | 000,000,580 | ---- | M] () -- C:\Users\Mama\AppData\Local\cookies.ini
[2012.12.29 23:05:37 | 000,001,298 | ---- | M] () -- C:\Users\Mama\Desktop\Free CD Ripper.lnk
[2012.12.29 20:32:13 | 000,001,302 | ---- | M] () -- C:\Users\Mama\Desktop\Free YouTube Download.lnk
[2012.12.29 20:32:13 | 000,001,239 | ---- | M] () -- C:\Users\Mama\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.29 20:30:10 | 023,268,496 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Mama\Desktop\FreeYouTubeDownload3-1-42-12-12.exe
[2012.12.28 21:10:23 | 000,001,293 | ---- | M] () -- C:\Users\Mama\Desktop\AVS4YOU Software Navigator.lnk
[2012.12.28 21:10:03 | 000,001,237 | ---- | M] () -- C:\Users\Mama\Desktop\AVS Video Converter.lnk
[2012.12.18 14:25:33 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.18 09:42:45 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 09:42:45 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 09:42:45 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 09:42:44 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.12.18 09:42:44 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.12.12 20:16:29 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 21:59:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMAMA-PC$.job
[2012.12.07 21:57:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.01.03 23:09:40 | 000,000,112 | ---- | C] () -- C:\Windows\Podcasts.INI
[2013.01.03 23:02:59 | 000,001,567 | ---- | C] () -- C:\Users\Mama\Desktop\Radiotracker 6 USB.lnk
[2013.01.03 22:41:29 | 000,001,264 | ---- | C] () -- C:\Users\Mama\Desktop\Revo Uninstaller.lnk
[2013.01.03 21:43:45 | 000,002,036 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2013.01.02 21:28:24 | 000,001,890 | ---- | C] () -- C:\Users\Mama\Desktop\IrfanView Thumbnails.lnk
[2013.01.02 21:28:24 | 000,001,002 | ---- | C] () -- C:\Users\Mama\Desktop\IrfanView.lnk
[2012.12.31 22:03:13 | 000,002,271 | ---- | C] () -- C:\Users\Mama\Desktop\Free AVI Video Converter.lnk
[2012.12.31 21:52:52 | 000,076,493 | ---- | C] () -- C:\Users\Mama\Documents\tmp_cover389.jpg
[2012.12.31 21:46:17 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Converter.lnk
[2012.12.31 21:46:17 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.29 23:05:37 | 000,001,298 | ---- | C] () -- C:\Users\Mama\Desktop\Free CD Ripper.lnk
[2012.12.29 23:05:35 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2012.12.29 23:05:34 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.12.29 20:32:26 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012.12.29 20:32:13 | 000,001,302 | ---- | C] () -- C:\Users\Mama\Desktop\Free YouTube Download.lnk
[2012.12.29 20:32:13 | 000,001,239 | ---- | C] () -- C:\Users\Mama\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.28 21:10:03 | 000,001,237 | ---- | C] () -- C:\Users\Mama\Desktop\AVS Video Converter.lnk
[2012.12.22 22:07:34 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMama.job
[2012.12.18 14:25:33 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.07 21:57:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.10.02 21:05:24 | 000,098,344 | ---- | C] () -- C:\Windows\unPMV.exe
[2012.09.02 21:09:12 | 000,010,240 | ---- | C] () -- C:\Users\Mama\Tauflied.wps
[2012.04.17 20:59:43 | 000,000,580 | ---- | C] () -- C:\Users\Mama\AppData\Local\cookies.ini
[2011.10.04 14:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Mama\AppData\Local\{9C066BFF-47FC-4F2D-AE9C-E4356B2BC404}
[2011.01.16 17:39:25 | 000,001,854 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\GhostObjGAFix.xml
[2010.02.27 20:02:41 | 000,012,288 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.31 20:59:30 | 000,000,940 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\wklnhst.dat
[2009.09.25 00:55:02 | 000,001,347 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.29 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\4Free
[2012.12.31 21:35:11 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Babylon
[2012.12.30 23:43:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Broad Intelligence
[2011.12.30 20:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DesktopIconForAmazon
[2012.12.31 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.12.29 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeAudioPack
[2012.12.29 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeCDRipper
[2012.12.31 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HandBrake
[2012.11.03 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Incredibar
[2013.01.02 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\IrfanView
[2012.12.28 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MOVAVI
[2011.12.26 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OCS
[2012.12.31 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenCandy
[2012.12.31 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Opera
[2011.10.04 21:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Reviversoft
[2012.10.02 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SoftMaker
[2013.01.03 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\systweak
[2010.01.31 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2012.12.29 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TuneUp Software
[2010.02.04 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ulead Systems
[2011.12.26 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Visan
[2013.01.02 22:02:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\WildTangent
[2010.11.29 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\XSManager
[2012.12.23 18:30:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.12.29 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\4Free
[2011.12.30 20:49:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Adobe
[2010.11.04 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ArcSoft
[2012.12.18 14:25:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Avira
[2012.12.28 21:10:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AVS4YOU
[2012.12.31 21:35:11 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Babylon
[2012.12.30 23:43:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Broad Intelligence
[2011.12.30 20:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.07.19 10:19:08 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\CyberLink
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DesktopIconForAmazon
[2012.12.31 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.12.29 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeAudioPack
[2012.12.29 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeCDRipper
[2010.01.29 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Google
[2012.12.31 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HandBrake
[2010.03.09 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Hewlett-Packard
[2010.04.07 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HP Support Assistant
[2010.01.29 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HP TCS
[2012.12.29 21:12:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\hpqlog
[2012.12.29 21:12:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HpUpdate
[2010.01.29 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Identities
[2012.11.03 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Incredibar
[2013.01.02 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\IrfanView
[2010.01.29 12:25:34 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Macromedia
[2009.09.25 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Media Center Programs
[2013.01.03 23:02:58 | 000,000,000 | --SD | M] -- C:\Users\Mama\AppData\Roaming\Microsoft
[2012.12.28 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MOVAVI
[2012.12.28 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\NVIDIA
[2011.12.26 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OCS
[2012.12.31 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenCandy
[2012.12.31 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Opera
[2011.10.04 21:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Reviversoft
[2012.09.05 21:10:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Skype
[2012.10.02 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SoftMaker
[2011.08.09 12:48:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Sony Corporation
[2013.01.03 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\systweak
[2010.01.31 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2012.12.29 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TuneUp Software
[2011.07.14 19:00:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\U3
[2010.02.04 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ulead Systems
[2011.12.26 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Visan
[2013.01.02 22:02:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\WildTangent
[2010.11.29 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\XSManager
[2012.12.23 18:30:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2011.12.26 23:03:07 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Mama\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012.11.03 19:53:50 | 000,464,752 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\Incredibar\incredibar_install.exe
[2011.12.30 20:49:04 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mama\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\audials_one_installer.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_1.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_2.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_3.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_4.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_5.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_6.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_7.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_8.exe
[2013.01.03 23:02:58 | 000,014,534 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\SystemFolder_msiexec.exe
[2011.12.26 23:03:09 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.12.26 23:03:09 | 000,040,960 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012.04.20 18:15:14 | 005,837,400 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Mama\AppData\Roaming\OpenCandy\1FBF429A6C8C4E0DBDD828239B63A569\speedupmypcDE.exe
[2012.12.28 03:23:54 | 005,504,288 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Mama\AppData\Roaming\OpenCandy\E7FAE3C0A09740C1AF9A12E96710C3FA\driverscannerDE.exe
[2012.12.29 20:32:20 | 005,596,272 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\OpenCandy\E7FAE3C0A09740C1AF9A12E96710C3FA\driverscannerDE_p2v0.exe
[2012.12.29 20:32:06 | 000,302,448 | ---- | M] (OpenCandy) -- C:\Users\Mama\AppData\Roaming\OpenCandy\E7FAE3C0A09740C1AF9A12E96710C3FA\LatestDLMgr.exe
[2012.10.12 19:10:16 | 003,330,032 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\OpenCandy\E96BB6FDB3134FB9B2B110CEF19E385F\INTERNALWRAPPER.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.10.25 20:02:31 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.10.25 20:02:31 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >

--- --- ---
/CODE]

Mama · 05.01.2013, 11:54

[CODE][OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.01.2013 20:50:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,41% Memory free
7,93 Gb Paging File | 5,99 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,36 Gb Total Space | 189,51 Gb Free Space | 66,41% Space Free | Partition Type: NTFS
Drive D: | 12,53 Gb Total Space | 2,10 Gb Free Space | 16,74% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mama\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SearchAnonymizer) -- C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (smsbda) -- C:\Windows\SysNative\drivers\smsbda.sys (Siano)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=4177457690404193&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={570AF300-550E-11E2-A4FC-00269EA34C97}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=06ab7950000000000000904ce52d3420&tlver=1.4.19.14&affID=17163
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=4177457690404193&q={searchTerms}
IE - HKLM\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
IE - HKLM\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={570AF300-550E-11E2-A4FC-00269EA34C97}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT3241949
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes,DefaultScope = {54990008-235C-403E-8846-4DC8F9578B5F}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{1276CCB3-169D-4E6A-8AA7-245C91B39EE0}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2665693D7B696E707574456E636F64696E677D2666723D63622D6870303626747970653D696532303038&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F3F6261627372633D53505F737326713D7B7365617263685465726D737D266D6E747249643D303661623739353030303030303030303030303039303463653532643334323026746C7665723D312E342E31392E31342661666649443D3137313633&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{2ADB7492-1456-4C3D-A79A-60EB53404889}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{54990008-235C-403E-8846-4DC8F9578B5F}: "URL" = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_de
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{8D405BD7-0BC9-45F4-9CD3-1D7FE3F13026}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{967EE377-F13F-412A-80EE-92C05C8018E8}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=4177457690404193&q={searchTerms}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{A6AEB138-D263-484A-8A11-D0DC14A16F0F}: "URL" = hxxp://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{B1E2DA6F-80F2-4481-BF9B-27FDA9B8B6C0}: "URL" = hxxp://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313134352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E6E626965372D64652D6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_ie_us_display?ie=UTF8&tag=bds-p18-serp-us-ie-20&tagbase=bds-p18&tbrId=v1_abb-channel-18_336c9aaff51d4215acac18279ea9f472_18_38_20121231_US_ie_ds_OC1&query={searchTerms}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{C915FFD6-B226-4BDB-AC52-F536D37FB6B0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.Incredibar.com/?search={searchTerms}&loc=Games_DS&a=1eyoNjKTxFd&i=38
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{D6221C99-750E-4F35-9F85-30282D1B0EC2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bf98f514-28c8-4650-a2bf-44135fdcb58b&apn_sauid=B93DB9CB-5D72-40FB-901C-B753CC53D604
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{DDE05742-13B4-4D6A-8B68-7E1737386738}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{EDEC6F50-FF5C-40F0-936B-508105AEF98A}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9ffd20b6-c7d5-4541-aa6b-331bcbc61651&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={570AF300-550E-11E2-A4FC-00269EA34C97}
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.01.04 19:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.03 23:18:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.01 21:55:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.17 12:29:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.01 21:26:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 13:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.12 08:50:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.04 18:40:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.05.07 19:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.07.31 17:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.01 09:12:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 19:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.30 23:55:12 | 000,002,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.12.29 23:05:22 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
CHR - homepage: hxxp://www.msn.com/?pc=BDT3&ocid=bdtdhp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Incredibar-Games EN = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm\2.3.16.7_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Amazon f\u00FCr Chrome = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.275_0\
CHR - Extension: Incredibar-Games EN = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm\2.3.16.7_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Amazon f\u00FCr Chrome = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.275_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TotalMediaTVMonitor] C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000  File not found
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001..\Run: [GoogleChromeAutoLaunch_2A21C23C669AC3D64924D1229AADD79B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-891449488-2511249802-2422203187-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-891449488-2511249802-2422203187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6931C25-FFF0-426B-B73A-2030DB27EFCF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3f86a9c8-0d09-11df-a7a8-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{3f86a9c8-0d09-11df-a7a8-00269ea34c97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7db69e1f-049e-11e2-83f6-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{7db69e1f-049e-11e2-83f6-00269ea34c97}\Shell\AutoRun\command - "" = F:\ting.exe
O33 - MountPoints2\{7db69e34-049e-11e2-83f6-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{7db69e34-049e-11e2-83f6-00269ea34c97}\Shell\AutoRun\command - "" = F:\ting.exe
O33 - MountPoints2\{d4e35fde-e843-11df-b22c-00269ea34c97}\Shell - "" = AutoRun
O33 - MountPoints2\{d4e35fde-e843-11df-b22c-00269ea34c97}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.01.03 23:02:58 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radiotracker USB 6
[2013.01.03 23:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2013.01.03 22:53:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\RapidSolution
[2013.01.02 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeGUI
[2013.01.02 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.01.02 21:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.01.02 21:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.01.02 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.01.02 19:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2013.01.02 19:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013.01.02 19:57:47 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Mama\Desktop\revo-uninstaller.exe
[2013.01.02 19:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.12.31 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\HandBrake
[2012.12.31 21:35:11 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Babylon
[2012.12.31 21:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.12.30 23:55:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.12.30 23:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\FormatFactory
[2012.12.30 23:05:23 | 000,000,000 | ---D | C] -- C:\FFOutput
[2012.12.30 22:08:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012.12.30 21:48:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Broad Intelligence
[2012.12.30 21:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCoder
[2012.12.30 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\systweak
[2012.12.30 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2012.12.30 20:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.12.30 00:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.12.30 00:15:06 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\PC_Drivers_Headquarters
[2012.12.30 00:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2012.12.30 00:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Whiz
[2012.12.29 23:19:27 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\FreeCDRipper
[2012.12.29 23:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.12.29 23:05:35 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2012.12.29 23:05:35 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2012.12.29 23:05:35 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2012.12.29 23:05:35 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2012.12.29 23:05:35 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2012.12.29 23:05:35 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2012.12.29 23:05:35 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2012.12.29 23:05:35 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2012.12.29 23:05:34 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\FreeAudioPack
[2012.12.29 23:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.12.29 23:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2012.12.29 20:59:56 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.12.29 20:59:56 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.12.29 20:33:12 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\VisualBeeExe
[2012.12.29 20:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2012.12.29 20:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.12.29 20:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.12.29 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.29 20:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\OpenCandy
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.29 20:29:20 | 023,268,496 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Mama\Desktop\FreeYouTubeDownload3-1-42-12-12.exe
[2012.12.29 20:14:07 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.29 20:14:06 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.12.29 20:14:06 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.29 20:13:47 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\TuneUp Software
[2012.12.29 20:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.29 20:13:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.29 20:13:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.29 20:13:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\4Free
[2012.12.29 20:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Free Video Converter
[2012.12.28 22:28:47 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\NVIDIA
[2012.12.28 22:28:44 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MOVAVI
[2012.12.28 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Kinderfilme
[2012.12.18 14:25:42 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Avira
[2012.12.18 14:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.18 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\APN
[2012.12.18 14:24:08 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 14:24:08 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 14:24:07 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.12.18 14:24:07 | 000,114,168 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.12.18 14:24:07 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 14:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.07 22:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.12.07 22:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.12.07 21:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 20:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 20:25:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.01.04 20:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.04 20:11:01 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 20:11:01 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 20:03:08 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 20:03:07 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.01.04 20:02:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 20:02:50 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 19:38:04 | 000,001,264 | ---- | M] () -- C:\Users\Mama\Desktop\Revo Uninstaller.lnk
[2013.01.04 18:37:09 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMama.job
[2013.01.03 23:09:40 | 000,000,112 | ---- | M] () -- C:\Windows\Podcasts.INI
[2013.01.03 23:02:59 | 000,001,567 | ---- | M] () -- C:\Users\Mama\Desktop\Radiotracker 6 USB.lnk
[2013.01.03 22:54:51 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.03 22:54:51 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.03 22:54:51 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.03 22:54:51 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.03 22:54:51 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.03 21:46:28 | 000,002,036 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013.01.02 21:38:18 | 000,001,890 | ---- | M] () -- C:\Users\Mama\Desktop\IrfanView Thumbnails.lnk
[2013.01.02 21:38:18 | 000,001,002 | ---- | M] () -- C:\Users\Mama\Desktop\IrfanView.lnk
[2013.01.02 19:57:47 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Mama\Desktop\revo-uninstaller.exe
[2012.12.31 22:03:13 | 000,002,271 | ---- | M] () -- C:\Users\Mama\Desktop\Free AVI Video Converter.lnk
[2012.12.31 21:52:53 | 000,076,493 | ---- | M] () -- C:\Users\Mama\Documents\tmp_cover389.jpg
[2012.12.31 21:46:17 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Converter.lnk
[2012.12.31 21:46:17 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.31 14:10:47 | 000,370,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.29 23:56:26 | 000,000,580 | ---- | M] () -- C:\Users\Mama\AppData\Local\cookies.ini
[2012.12.29 23:05:37 | 000,001,298 | ---- | M] () -- C:\Users\Mama\Desktop\Free CD Ripper.lnk
[2012.12.29 20:32:13 | 000,001,302 | ---- | M] () -- C:\Users\Mama\Desktop\Free YouTube Download.lnk
[2012.12.29 20:32:13 | 000,001,239 | ---- | M] () -- C:\Users\Mama\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.29 20:30:10 | 023,268,496 | ---- | M] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Mama\Desktop\FreeYouTubeDownload3-1-42-12-12.exe
[2012.12.28 21:10:23 | 000,001,293 | ---- | M] () -- C:\Users\Mama\Desktop\AVS4YOU Software Navigator.lnk
[2012.12.28 21:10:03 | 000,001,237 | ---- | M] () -- C:\Users\Mama\Desktop\AVS Video Converter.lnk
[2012.12.18 14:25:33 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.18 09:42:45 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 09:42:45 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 09:42:45 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 09:42:44 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2012.12.18 09:42:44 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2012.12.12 20:16:29 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 21:59:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMAMA-PC$.job
[2012.12.07 21:57:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.01.03 23:09:40 | 000,000,112 | ---- | C] () -- C:\Windows\Podcasts.INI
[2013.01.03 23:02:59 | 000,001,567 | ---- | C] () -- C:\Users\Mama\Desktop\Radiotracker 6 USB.lnk
[2013.01.03 22:41:29 | 000,001,264 | ---- | C] () -- C:\Users\Mama\Desktop\Revo Uninstaller.lnk
[2013.01.03 21:43:45 | 000,002,036 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2013.01.02 21:28:24 | 000,001,890 | ---- | C] () -- C:\Users\Mama\Desktop\IrfanView Thumbnails.lnk
[2013.01.02 21:28:24 | 000,001,002 | ---- | C] () -- C:\Users\Mama\Desktop\IrfanView.lnk
[2012.12.31 22:03:13 | 000,002,271 | ---- | C] () -- C:\Users\Mama\Desktop\Free AVI Video Converter.lnk
[2012.12.31 21:52:52 | 000,076,493 | ---- | C] () -- C:\Users\Mama\Documents\tmp_cover389.jpg
[2012.12.31 21:46:17 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Converter.lnk
[2012.12.31 21:46:17 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.29 23:05:37 | 000,001,298 | ---- | C] () -- C:\Users\Mama\Desktop\Free CD Ripper.lnk
[2012.12.29 23:05:35 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2012.12.29 23:05:34 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.12.29 20:32:26 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012.12.29 20:32:13 | 000,001,302 | ---- | C] () -- C:\Users\Mama\Desktop\Free YouTube Download.lnk
[2012.12.29 20:32:13 | 000,001,239 | ---- | C] () -- C:\Users\Mama\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.28 21:10:03 | 000,001,237 | ---- | C] () -- C:\Users\Mama\Desktop\AVS Video Converter.lnk
[2012.12.22 22:07:34 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMama.job
[2012.12.18 14:25:33 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.07 21:57:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.10.02 21:05:24 | 000,098,344 | ---- | C] () -- C:\Windows\unPMV.exe
[2012.09.02 21:09:12 | 000,010,240 | ---- | C] () -- C:\Users\Mama\Tauflied.wps
[2012.04.17 20:59:43 | 000,000,580 | ---- | C] () -- C:\Users\Mama\AppData\Local\cookies.ini
[2011.10.04 14:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Mama\AppData\Local\{9C066BFF-47FC-4F2D-AE9C-E4356B2BC404}
[2011.01.16 17:39:25 | 000,001,854 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\GhostObjGAFix.xml
[2010.02.27 20:02:41 | 000,012,288 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.31 20:59:30 | 000,000,940 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\wklnhst.dat
[2009.09.25 00:55:02 | 000,001,347 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.29 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\4Free
[2012.12.31 21:35:11 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Babylon
[2012.12.30 23:43:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Broad Intelligence
[2011.12.30 20:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DesktopIconForAmazon
[2012.12.31 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.12.29 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeAudioPack
[2012.12.29 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeCDRipper
[2012.12.31 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HandBrake
[2012.11.03 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Incredibar
[2013.01.02 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\IrfanView
[2012.12.28 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MOVAVI
[2011.12.26 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OCS
[2012.12.31 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenCandy
[2012.12.31 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Opera
[2011.10.04 21:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Reviversoft
[2012.10.02 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SoftMaker
[2013.01.03 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\systweak
[2010.01.31 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2012.12.29 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TuneUp Software
[2010.02.04 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ulead Systems
[2011.12.26 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Visan
[2013.01.02 22:02:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\WildTangent
[2010.11.29 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\XSManager
[2012.12.23 18:30:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.12.29 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\4Free
[2011.12.30 20:49:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Adobe
[2010.11.04 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ArcSoft
[2012.12.18 14:25:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Avira
[2012.12.28 21:10:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AVS4YOU
[2012.12.31 21:35:11 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Babylon
[2012.12.30 23:43:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Broad Intelligence
[2011.12.30 20:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.07.19 10:19:08 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\CyberLink
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DesktopIconForAmazon
[2012.12.31 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.12.29 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.31 14:09:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeAudioPack
[2012.12.29 23:19:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FreeCDRipper
[2010.01.29 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Google
[2012.12.31 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HandBrake
[2010.03.09 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Hewlett-Packard
[2010.04.07 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HP Support Assistant
[2010.01.29 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HP TCS
[2012.12.29 21:12:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\hpqlog
[2012.12.29 21:12:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HpUpdate
[2010.01.29 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Identities
[2012.11.03 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Incredibar
[2013.01.02 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\IrfanView
[2010.01.29 12:25:34 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Macromedia
[2009.09.25 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Media Center Programs
[2013.01.03 23:02:58 | 000,000,000 | --SD | M] -- C:\Users\Mama\AppData\Roaming\Microsoft
[2012.12.28 23:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MOVAVI
[2012.12.28 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\NVIDIA
[2011.12.26 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OCS
[2012.12.31 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenCandy
[2012.12.31 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Opera
[2011.10.04 21:37:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Reviversoft
[2012.09.05 21:10:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Skype
[2012.10.02 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SoftMaker
[2011.08.09 12:48:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Sony Corporation
[2013.01.03 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\systweak
[2010.01.31 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2012.12.29 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TuneUp Software
[2011.07.14 19:00:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\U3
[2010.02.04 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ulead Systems
[2011.12.26 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Visan
[2013.01.02 22:02:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\WildTangent
[2010.11.29 17:38:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\XSManager
[2012.12.23 18:30:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2011.12.26 23:03:07 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Mama\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012.11.03 19:53:50 | 000,464,752 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\Incredibar\incredibar_install.exe
[2011.12.30 20:49:04 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mama\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\audials_one_installer.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_1.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_2.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_3.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_4.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_5.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_6.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_7.exe
[2013.01.03 23:02:58 | 000,017,542 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\ext_8.exe
[2013.01.03 23:02:58 | 000,014,534 | R--- | M] () -- C:\Users\Mama\AppData\Roaming\Microsoft\Installer\{972D6199-7C5C-457D-9B21-5550BACE5439}\SystemFolder_msiexec.exe
[2011.12.26 23:03:09 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.12.26 23:03:09 | 000,040,960 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012.04.20 18:15:14 | 005,837,400 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Mama\AppData\Roaming\OpenCandy\1FBF429A6C8C4E0DBDD828239B63A569\speedupmypcDE.exe
[2012.12.28 03:23:54 | 005,504,288 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Mama\AppData\Roaming\OpenCandy\E7FAE3C0A09740C1AF9A12E96710C3FA\driverscannerDE.exe
[2012.12.29 20:32:20 | 005,596,272 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\OpenCandy\E7FAE3C0A09740C1AF9A12E96710C3FA\driverscannerDE_p2v0.exe
[2012.12.29 20:32:06 | 000,302,448 | ---- | M] (OpenCandy) -- C:\Users\Mama\AppData\Roaming\OpenCandy\E7FAE3C0A09740C1AF9A12E96710C3FA\LatestDLMgr.exe
[2012.10.12 19:10:16 | 003,330,032 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\OpenCandy\E96BB6FDB3134FB9B2B110CEF19E385F\INTERNALWRAPPER.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.10.25 20:02:31 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.10.25 20:02:31 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >

--- --- ---
/CODE]

ryder · 05.01.2013, 11:55

Aber Mutti ... wer hat dir denn gezwitschert, dass du einen Customscan machen sollst?

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort) und zwar gesammelt, wenn du alles erledigt hast, in einer Antwort.

Nur Scanns durchführen zu denen Du aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags - #-Symbol im Editor anklicken). Nicht anhängen oder zippen, außer ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Beim ersten Anzeichen illegal genutzer Software (Cracks, Patches und Co) wird der Support ohne Diskussion eingestellt.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Ich werde dir ganz deutlich mitteilen, dass du "sauber" bist. Bis dahin arbeite bitte gut mit.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Gelesen und verstanden?

Schritt 1:
Deinstallation von Programmen

Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren

Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren

ggf. Neustart zulassen

Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält.

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
CCleaner oder andere Registry-Cleaner, TuneUp Utilities (inkl. Language Pack), Spybot S & D (inklusive Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle), Pokersoftware, xp-Antispy

Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Löschen.

Bestätige jeweils mit Ok.

Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.

Poste mir den Inhalt mit deiner nächsten Antwort.

Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 3:
Temporäre Dateien löschen mit TFC

Bitte lade dir TFC auf deinen Desktop und starte es. Es wird automatisch alle temporären Dateien entfernen.

Schritt 4:
Scan mit DDS (+ attach)

Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com | dds.scr | dds.pif
Schließe alle laufenden Programme und starte DDS mit Doppelklick.

Der Desktop wird verschwinden, das ist normal.

Stelle folgendes ein:

[X] dds.txt
[X] attach.txt
[ ] options for dds.txt

Ändere keine Einstellung ohne Anweisung.

Klicke auf Start.

Es werden 2 Logfiles auf deinem Desktop erstellt.
dds.txt

attach.txt

Poste die beiden Logfile hier, möglichst in CODE-Tags.

Mama · 05.01.2013, 11:59

Hallo ryder,

danke für Dein Angebot mir zu helfen, es wäre super wenn wir es hinbekommen würden.
Ich bin aber leider ein Laie und bin auch zum ersten Mal in einem Rorum...brauche manchmal etwas mehr Zeit, um mich hier zu orientieren!

Ich habe noch ein anderen Editor extra Code erhalten, ich poste den lieber auch...

ryder · 05.01.2013, 12:01

Ja, mach das und dann arbeite meine Schritte ab

Mama · 05.01.2013, 12:18

Ryder...Bitte Mama und nicht Mutti....so alt bin ich noch nicht :-)

Achso, ich nahm an, Du bist von meinem Ausgangspostin dem ersten Hilfeschrei ausgegangen, da meinet ich, dass ich ein OTL-Quick Scan gemacht hatte und mir 2 Editor Felder geöffnet wurden un ich nicht wusste nicht in welchen Thread ich dies einfügen sollte...
brauchst Du nun noch den Inhalt von dem 2. Editor extra?

Bevor ich Deine 4 Schritte abarbeite, muß ich mir alle wichtigen Inhalte vom PC auf eine extern Festplatte ziehen oder ist es nicht unbedingt notwendig?

Code:

ATTFilter

OTL Extras logfile created on: 04.01.2013 20:50:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,41% Memory free
7,93 Gb Paging File | 5,99 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,36 Gb Total Space | 189,51 Gb Free Space | 66,41% Space Free | Partition Type: NTFS
Drive D: | 12,53 Gb Total Space | 2,10 Gb Free Space | 16,74% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C2E8D0-6A5D-4CAC-96CB-0493C0A3D2EF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{09B17A07-7A50-4391-8E3E-BD090C6A6553}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0B61CB88-3F30-4943-89D7-3198AB377DE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24F01941-F47C-47D1-93F1-22193D8D8AE2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{270A6672-9FD8-4E23-AB14-87D2B415321F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31693DE2-659C-408E-9788-634A65DD6878}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3434FE89-273C-4889-A592-908531D575FC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{653E8C53-E6B1-41EC-936A-AE9056D79BAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89DB4CA0-1238-4E44-8D6B-AA4A26BF2CDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8B8476BF-C63A-40E6-A08A-8D9535A5DE97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{902B0104-0D64-4B50-927A-8A5F2F42EF5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{970D85CF-DBAA-4FE4-8628-93CD5F01230D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{975A663B-0AC7-46D7-9176-5EDC8AA9337B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B54E3E6-E948-4438-BADE-B0FB4664BD8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A019367C-D70B-4C63-B27D-3690E7E7F55D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7265AAB-EC1B-49E6-A8A1-2D6068340C06}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ACEE9D9D-E01A-4190-A882-75855A501DA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2B61251-EE70-4B51-A3E3-DC3AAB04B81D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B3489859-269C-4CD8-A2AA-F4932AFCB0B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C01C6D0C-852A-4551-A2EF-6B9BEC92DD44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBD8A9C4-21E8-4AB6-8E93-4F492217E385}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EED3ADCC-7BA4-41EC-8BD3-B56DD36240F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FBC2E3D7-D32D-4168-ACEB-A2AFAEA8FF49}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B92B84-4470-40BC-8EC2-DFFBD9B0D4FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{05C7D133-70B1-48CB-A37A-B07455E8E190}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{071DEDAC-54E0-4F33-BE7E-DB508D00B191}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{097C9F52-D536-421C-84E2-522A070049DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2555619E-0B26-4CD5-9C0D-0FADD22BDD13}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | 
"{301E0704-831B-48D2-9DD5-E09C45B747A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E2772C5-8FE6-4F0D-8F5D-353440361BDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{40465E21-1FC1-4075-BB50-CF0623A84B49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4D0735D7-7BF1-42A6-B424-8F5943124937}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D3A716F-2783-4D65-BAD6-E1ADDF923BDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F66FD73-FA36-4465-AF1C-9CDB070922FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A2364FE-317E-4341-867A-550FBD2BEAE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6EC14F00-12D8-4B8F-8FC6-B1D090DF5325}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F6D8FDE-C611-40BD-9AD6-2026D559E6C6}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
"{790F452C-B797-4231-9D93-7FDD4FD6C40F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7BD23715-120A-4A54-A545-ADE51BF7D228}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81ABD228-C5C4-4B60-8E8F-825887EC185B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85F41011-8F60-4EA5-A35B-A4EA89C44DA6}" = protocol=6 | dir=out | app=system | 
"{8979B95A-65B0-43FC-A67C-E567BC35CAD2}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{97101D6C-153D-41B6-9503-8B09621EADAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{9F99325C-AEF7-4572-8A75-AD79F00F46AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A878E434-9976-493F-BD6E-D4DE420A326A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AECC7FE0-49A6-4E33-9451-F66DDEB083C9}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B48B5E01-F54E-4772-B2E8-4F155216605F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C01B2CD8-F786-4CC8-A50F-C5711C507F69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EAA2C27B-CDD3-4116-B7D1-BBECF99BD9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA07D88A-54E9-4080-8718-1951C020B433}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead Movie Wizard SE VCD
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0G
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{972D6199-7C5C-457D-9B21-5550BACE5439}" = Radiotracker USB
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4ACEA9C-5597-4B1C-BF07-AA44BBDD3F87}" = ArcSoft TotalMedia TV
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Internet Security
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.1.83
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"etope Lister_is1" = 1.36
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.21.1212
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.13.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IrfanView" = IrfanView (remove only)
"MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
"PlanMaker Viewer" = PlanMaker Viewer
"Revo Uninstaller" = Revo Uninstaller 1.94
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 04.01.2013 13:51:57 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 14:34:03 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 14:37:33 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 15:03:19 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 15:27:46 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mama\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.01.2013 15:27:46 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mama\Downloads\SoftonicDownloader_fuer_audio-video-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.01.2013 15:27:46 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mama\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Hewlett-Packard Events ]
Error - 29.11.2012 16:48:14 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 16:58:14 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 16:58:14 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 16:58:15 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:08:15 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:08:16 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:08:16 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:09:04 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:09:04 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:09:05 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
[ HP Software Framework Events ]
Error - 16.11.2012 16:15:54 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2012.11.16 21:15:54.649|000007FC|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 16.11.2012 16:15:54 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2012.11.16 21:15:54.675|000007FC|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 16.11.2012 16:15:54 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2012.11.16 21:15:54.700|000007FC|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.469|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.564|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.592|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.619|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.647|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.674|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.701|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
[ System Events ]
Error - 03.01.2013 17:32:59 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Compaq Dfw" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.01.2013 17:32:59 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Compaq Dfw" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.01.2013 17:51:43 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:43 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:44 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:44 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:45 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 04.01.2013 13:38:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 04.01.2013 13:38:56 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 04.01.2013 20:50:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,41% Memory free
7,93 Gb Paging File | 5,99 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,36 Gb Total Space | 189,51 Gb Free Space | 66,41% Space Free | Partition Type: NTFS
Drive D: | 12,53 Gb Total Space | 2,10 Gb Free Space | 16,74% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C2E8D0-6A5D-4CAC-96CB-0493C0A3D2EF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{09B17A07-7A50-4391-8E3E-BD090C6A6553}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0B61CB88-3F30-4943-89D7-3198AB377DE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24F01941-F47C-47D1-93F1-22193D8D8AE2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{270A6672-9FD8-4E23-AB14-87D2B415321F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31693DE2-659C-408E-9788-634A65DD6878}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3434FE89-273C-4889-A592-908531D575FC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{653E8C53-E6B1-41EC-936A-AE9056D79BAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89DB4CA0-1238-4E44-8D6B-AA4A26BF2CDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8B8476BF-C63A-40E6-A08A-8D9535A5DE97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{902B0104-0D64-4B50-927A-8A5F2F42EF5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{970D85CF-DBAA-4FE4-8628-93CD5F01230D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{975A663B-0AC7-46D7-9176-5EDC8AA9337B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B54E3E6-E948-4438-BADE-B0FB4664BD8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A019367C-D70B-4C63-B27D-3690E7E7F55D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7265AAB-EC1B-49E6-A8A1-2D6068340C06}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ACEE9D9D-E01A-4190-A882-75855A501DA1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2B61251-EE70-4B51-A3E3-DC3AAB04B81D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B3489859-269C-4CD8-A2AA-F4932AFCB0B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C01C6D0C-852A-4551-A2EF-6B9BEC92DD44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DBD8A9C4-21E8-4AB6-8E93-4F492217E385}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EED3ADCC-7BA4-41EC-8BD3-B56DD36240F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FBC2E3D7-D32D-4168-ACEB-A2AFAEA8FF49}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B92B84-4470-40BC-8EC2-DFFBD9B0D4FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{05C7D133-70B1-48CB-A37A-B07455E8E190}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{071DEDAC-54E0-4F33-BE7E-DB508D00B191}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{097C9F52-D536-421C-84E2-522A070049DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2555619E-0B26-4CD5-9C0D-0FADD22BDD13}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | 
"{301E0704-831B-48D2-9DD5-E09C45B747A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E2772C5-8FE6-4F0D-8F5D-353440361BDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{40465E21-1FC1-4075-BB50-CF0623A84B49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4D0735D7-7BF1-42A6-B424-8F5943124937}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D3A716F-2783-4D65-BAD6-E1ADDF923BDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F66FD73-FA36-4465-AF1C-9CDB070922FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A2364FE-317E-4341-867A-550FBD2BEAE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6EC14F00-12D8-4B8F-8FC6-B1D090DF5325}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F6D8FDE-C611-40BD-9AD6-2026D559E6C6}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
"{790F452C-B797-4231-9D93-7FDD4FD6C40F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7BD23715-120A-4A54-A545-ADE51BF7D228}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81ABD228-C5C4-4B60-8E8F-825887EC185B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85F41011-8F60-4EA5-A35B-A4EA89C44DA6}" = protocol=6 | dir=out | app=system | 
"{8979B95A-65B0-43FC-A67C-E567BC35CAD2}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{97101D6C-153D-41B6-9503-8B09621EADAC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{9F99325C-AEF7-4572-8A75-AD79F00F46AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A878E434-9976-493F-BD6E-D4DE420A326A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AECC7FE0-49A6-4E33-9451-F66DDEB083C9}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B48B5E01-F54E-4772-B2E8-4F155216605F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C01B2CD8-F786-4CC8-A50F-C5711C507F69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EAA2C27B-CDD3-4116-B7D1-BBECF99BD9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA07D88A-54E9-4080-8718-1951C020B433}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 276.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 276.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead Movie Wizard SE VCD
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0G
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{972D6199-7C5C-457D-9B21-5550BACE5439}" = Radiotracker USB
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4ACEA9C-5597-4B1C-BF07-AA44BBDD3F87}" = ArcSoft TotalMedia TV
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Internet Security
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.1.83
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"etope Lister_is1" = 1.36
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.21.1212
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.13.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IrfanView" = IrfanView (remove only)
"MeGUI modern media encoder" = MeGUI modern media encoder (remove only)
"PlanMaker Viewer" = PlanMaker Viewer
"Revo Uninstaller" = Revo Uninstaller 1.94
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-891449488-2511249802-2422203187-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 04.01.2013 13:51:57 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 14:34:03 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 14:37:33 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 15:03:19 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 15:27:46 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mama\Downloads\SoftonicDownloader_fuer_4free-video-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.01.2013 15:27:46 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mama\Downloads\SoftonicDownloader_fuer_audio-video-converter.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 04.01.2013 15:27:46 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Mama\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Hewlett-Packard Events ]
Error - 29.11.2012 16:48:14 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 16:58:14 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 16:58:14 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 16:58:15 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:08:15 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:08:16 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:08:16 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:09:04 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:09:04 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 29.11.2012 17:09:05 | Computer Name = Mama-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
   bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE
RAM:
 4062  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
[ HP Software Framework Events ]
Error - 16.11.2012 16:15:54 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2012.11.16 21:15:54.649|000007FC|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 16.11.2012 16:15:54 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2012.11.16 21:15:54.675|000007FC|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 16.11.2012 16:15:54 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2012.11.16 21:15:54.700|000007FC|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.469|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.564|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.592|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.619|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.647|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.674|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 03.01.2013 17:30:03 | Computer Name = Mama-PC | Source = CaslSmBios | ID = 5
Description = 2013.01.03 22:30:03.701|00000F9C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
[ System Events ]
Error - 03.01.2013 17:32:59 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Compaq Dfw" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.01.2013 17:32:59 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Compaq Dfw" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.01.2013 17:51:43 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:43 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:44 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:44 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.01.2013 17:51:45 | Computer Name = Mama-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 04.01.2013 13:38:25 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 04.01.2013 13:38:26 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 04.01.2013 13:38:56 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >

ryder · 05.01.2013, 12:24

Das ist nicht nötig. Wir schaffen das auch so.

Also los!

Mama · 05.01.2013, 12:52

Schritt 2 ist vollzogen...hier die Antwort...

Code:

ATTFilter

# AdwCleaner v2.104 - Datei am 05/01/2013 um 12:44:17 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mama - MAMA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
Datei Gelöscht : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Mama\AppData\Local\APN
Ordner Gelöscht : C:\Users\Mama\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm
Ordner Gelöscht : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Users\Mama\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Mama\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mama\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mama\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\dpimglhojapikoeeifcifanbeinephdm
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\5b08f8bb335e941
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b08f8bb335e941
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dpimglhojapikoeeifcifanbeinephdm
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3241949 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=06ab7950000000000000904ce52d3420&tlver=1.4.19.14&affID=17163 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.15] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={570AF3[...]
Gelöscht [l.1839] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={570AF300-[...]

*************************

AdwCleaner[S1].txt - [12267 octets] - [05/01/2013 12:44:17]

########## EOF - C:\AdwCleaner[S1].txt - [12328 octets] ##########

Schritt 4 ist auch erledigt...

Code:

ATTFilter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:
DDS Logfile:
DDS Logfile:

	Code: 

 ATTFilter

  
	DDS (Ver_2012-11-05.02)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 29.01.2010 12:11:50
System Uptime: 05.01.2013 12:55:04 (1 hours ago)
.
Motherboard: Quanta |  | 306C
Processor: Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 188,253 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2,097 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_TUNEUPUTILITIESDRV\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_TUNEUPUTILITIESDRV\0000
Service: 
.
==== System Restore Points ===================
.
RP921: 01.01.2013 22:01:58 - Windows-Sicherung
RP922: 02.01.2013 20:00:53 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP923: 02.01.2013 20:06:28 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP924: 02.01.2013 20:09:43 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP925: 02.01.2013 20:28:07 - Revo Uninstaller's restore point - Uniblue DriverScanner
RP926: 02.01.2013 20:31:16 - Revo Uninstaller's restore point - Uniblue DriverScanner
RP927: 02.01.2013 20:43:15 - Revo Uninstaller's restore point - 4Free Video Converter 2
RP928: 02.01.2013 20:59:19 - Revo Uninstaller's restore point - PowerDirector
RP929: 02.01.2013 21:00:02 - Konfiguriert PowerDirector
RP930: 02.01.2013 21:16:36 - Revo Uninstaller's restore point - Free Mp3 Wma Converter V 2.2
RP931: 02.01.2013 21:24:51 - Revo Uninstaller's restore point - IrfanView (remove only)
RP932: 02.01.2013 22:13:34 - RegClean Pro Mi, Jan 02, 13  22:13
RP933: 03.01.2013 21:25:34 - Revo Uninstaller's restore point - VTech Download Manager
RP934: 03.01.2013 21:42:15 - Revo Uninstaller's restore point - RegClean Pro
RP935: 03.01.2013 21:52:32 - Revo Uninstaller's restore point - RegClean Pro
RP936: 03.01.2013 22:20:52 - Windows Update
RP937: 04.01.2013 20:52:51 - OTL Restore Point - 04.01.2013 20:52:49
RP938: 05.01.2013 12:30:49 - Removed Internet Explorer Toolbar 4.6 by SweetPacks
RP939: 05.01.2013 12:35:30 - Removed Java(TM) 6 Update 37
RP940: 05.01.2013 12:38:43 - Removed Java(TM) 6 Update 14 (64-bit)
.
==== Installed Programs ======================
.
1.36
Acrobat.com
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.6
ArcSoft TotalMedia TV
Atheros Driver Installation Program
Avira Internet Security
AVS Photo Editor
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 4
AVS Video Recorder 2.4
AVS Video ReMaker 3.1.1.83
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Compatibility Pack für 2007 Office System
CyberLink DVD Suite
CyberLink YouCam
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX6000_CX5900 Benutzerhandb.
Free AVI Video Converter version 5.0.21.1212
Free DVD Video Converter version 2.0.13.1212
Free YouTube Download version 3.1.42.1212
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Photo Creations
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
IDT Audio
IrfanView (remove only)
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
MeGUI modern media encoder (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
muvee Reveal
NVIDIA Drivers
NVIDIA Grafiktreiber 276.00
NVIDIA Install Application
NVIDIA Systemsteuerung 276.00
NVIDIA Update 1.3.12
NVIDIA Update Components
Photohands 1.0G
PIF DESIGNER
PixiePack Codec Pack
PlanMaker Viewer
Power2Go
PowerRecover
QLBCASL
Radiotracker USB
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
SearchAnonymizer
Skype Click to Call
Skype™ 5.10
SweetPacks bundle uninstaller
swMSM
Synaptics Pointing Device Driver
TuneUp Utilities Language Pack (de-DE)
Ulead Movie Wizard SE VCD
VTech Download Agent Library
Windows Live-Uploadtool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
XSManager
.
==== End Of File ===========================
         
 
 Code: 

 ATTFilter
 
 DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Mama at 13:29:30 on 2013-01-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4063.2886 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\starter4g.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\XSManager\WTGService.exe
C:\Windows\service4g.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - <orphaned>
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
uRun: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000 
uRun: [GoogleChromeAutoLaunch_2A21C23C669AC3D64924D1229AADD79B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [starter4g] C:\Windows\starter4g.exe
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: WallpaperStyle = 2
IE: Free YouTube Download - C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F6931C25-FFF0-426B-B73A-2030DB27EFCF} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F6931C25-FFF0-426B-B73A-2030DB27EFCF}\34F4D4D264F45525 : DHCPNameServer = 192.168.25.1 192.168.25.201
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TotalMediaTVMonitor] "C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Ocs_SM] C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2012-12-18 140936]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-12-18 27800]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-12-18 656672]
R2 AntiVirMailService;Avira Email Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-12-18 400160]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-18 85280]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-18 109344]
R2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-12-18 565024]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-12-18 99912]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 SearchAnonymizer;SearchAnonymizer;C:\Users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-12-26 40960]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 WTGService;WTGService;C:\Program Files (x86)\XSManager\WTGService.exe [2010-11-4 329168]
R2 XS Stick Service;XS Stick Service;C:\Windows\service4g.exe [2010-4-1 145064]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2012-12-18 114168]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\System32\drivers\cmnsusbser.sys [2010-11-4 117888]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-19 227896]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-1-29 61280]
S3 fsssvc;Windows Live Family Safety-Dienst;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-7 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-9-25 216576]
S3 smsbda;SMS Digital Video;C:\Windows\System32\drivers\smsbda.sys [2010-11-4 63648]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-7 57856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-01-03 22:02:50	--------	d-----w-	C:\Program Files (x86)\PixiePack Codec Pack
2013-01-03 21:53:05	--------	d-----w-	C:\Users\Mama\AppData\Local\RapidSolution
2013-01-03 20:43:45	2036	----a-w-	C:\Windows\System32\ASOROSet.bin
2013-01-03 20:25:53	934912	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll
2013-01-03 20:25:53	7826432	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll
2013-01-03 20:25:53	434112	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe
2013-01-03 20:25:53	335360	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll
2013-01-03 20:25:53	268800	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll
2013-01-03 20:25:53	2150400	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll
2013-01-03 20:25:53	185800	----a-w-	C:\ProgramData\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe
2013-01-02 20:28:24	--------	d-----w-	C:\Program Files (x86)\IrfanView
2013-01-02 18:58:21	--------	d-----w-	C:\Program Files (x86)\VS Revo Group
2012-12-31 20:50:02	--------	d-----w-	C:\Users\Mama\AppData\Roaming\HandBrake
2012-12-30 22:55:12	--------	d-----w-	C:\Windows\System32\IO
2012-12-30 22:05:23	--------	d-----w-	C:\FFOutput
2012-12-30 21:08:34	--------	d-----w-	C:\Program Files (x86)\Amazon
2012-12-30 20:48:05	--------	d-----w-	C:\Users\Mama\AppData\Roaming\Broad Intelligence
2012-12-30 20:48:03	--------	d-----w-	C:\Program Files (x86)\MediaCoder
2012-12-30 19:56:34	--------	d-----w-	C:\Users\Mama\AppData\Roaming\systweak
2012-12-30 19:54:30	--------	d-----w-	C:\Program Files (x86)\eRightSoft
2012-12-29 23:15:10	--------	d-----w-	C:\ProgramData\UAB
2012-12-29 23:15:06	--------	d-----w-	C:\Users\Mama\AppData\Local\PC_Drivers_Headquarters
2012-12-29 23:05:22	--------	d-----w-	C:\ProgramData\Driver Whiz
2012-12-29 23:03:11	--------	d-----w-	C:\Program Files (x86)\Driver Whiz
2012-12-29 22:19:27	--------	d-----w-	C:\Users\Mama\AppData\Roaming\FreeCDRipper
2012-12-29 22:04:53	--------	d-----w-	C:\Program Files (x86)\Free mp3 Wma Converter
2012-12-29 19:59:56	37216	----a-w-	C:\Windows\System32\uxtuneup.dll
2012-12-29 19:59:56	29536	----a-w-	C:\Windows\SysWow64\uxtuneup.dll
2012-12-29 19:33:12	--------	d-----w-	C:\Users\Mama\AppData\Local\VisualBeeExe
2012-12-29 19:32:50	--------	d-----w-	C:\ProgramData\VisualBee
2012-12-29 19:32:22	--------	d-----w-	C:\Program Files (x86)\Uniblue
2012-12-29 19:32:17	--------	d-----w-	C:\Users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers
2012-12-29 19:32:05	--------	d-----w-	C:\Users\Mama\AppData\Roaming\DVDVideoSoft
2012-12-29 19:32:05	--------	d-----w-	C:\Program Files (x86)\DVDVideoSoft
2012-12-29 19:32:05	--------	d-----w-	C:\Program Files (x86)\Common Files\DVDVideoSoft
2012-12-29 19:14:07	34656	----a-w-	C:\Windows\System32\TURegOpt.exe
2012-12-29 19:14:06	25952	----a-w-	C:\Windows\System32\authuitu.dll
2012-12-29 19:14:06	21344	----a-w-	C:\Windows\SysWow64\authuitu.dll
2012-12-29 19:13:47	--------	d-----w-	C:\Users\Mama\AppData\Roaming\TuneUp Software
2012-12-29 19:13:34	--------	d-----w-	C:\ProgramData\TuneUp Software
2012-12-29 19:13:17	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-29 19:13:17	--------	d--h--w-	C:\ProgramData\Common Files
2012-12-29 19:13:17	--------	d-----w-	C:\Users\Mama\AppData\Roaming\4Free
2012-12-28 21:28:47	--------	d-----w-	C:\Users\Mama\AppData\Roaming\NVIDIA
2012-12-28 21:28:44	--------	d-----w-	C:\Users\Mama\AppData\Roaming\MOVAVI
2012-12-28 20:09:54	11137024	----a-w-	C:\Windows\SysWow64\libmfxsw32.dll
2012-12-20 22:27:37	46080	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-20 22:27:37	367616	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-20 22:27:37	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-20 22:27:37	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-18 13:25:42	--------	d-----w-	C:\Users\Mama\AppData\Roaming\Avira
2012-12-18 13:24:08	27800	----a-w-	C:\Windows\System32\drivers\avkmgr.sys
2012-12-18 13:24:07	99912	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2012-12-18 13:24:07	140936	----a-w-	C:\Windows\System32\drivers\avfwot.sys
2012-12-18 13:24:07	114168	----a-w-	C:\Windows\System32\drivers\avfwim.sys
2012-12-18 13:24:02	--------	d-----w-	C:\Program Files (x86)\Avira
2012-12-14 19:36:54	9125352	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A0D0BC48-CACF-4F77-962C-6D9982ACF161}\mpengine.dll
2012-12-12 20:32:58	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-12-07 21:04:47	3584	----a-w-	C:\Windows\System32\drivers\de-DE\tsusbflt.sys.mui
2012-12-07 21:02:33	--------	d-----w-	C:\Program Files (x86)\NVIDIA Corporation
2012-12-07 21:01:49	739432	----a-w-	C:\Windows\System32\easyupdatusapiu64.dll
2012-12-07 21:00:25	--------	d-----w-	C:\ProgramData\NVIDIA Corporation
2012-12-07 20:58:54	--------	d-----w-	C:\Program Files\NVIDIA Corporation
2012-12-07 20:54:34	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2012-12-07 20:54:34	458712	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-12-07 20:54:34	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-12-07 20:54:34	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-12-07 20:54:34	247808	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-12-07 20:54:34	220160	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-12-07 20:54:34	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-12-07 20:54:34	154480	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2012-12-07 20:54:34	1448448	----a-w-	C:\Windows\System32\lsasrv.dll
2012-12-07 20:54:31	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-12-07 20:54:31	366592	----a-w-	C:\Windows\System32\qdvd.dll
.
==================== Find3M  ====================
.
2012-12-11 21:29:18	73656	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 21:29:18	697272	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-11-17 17:37:58	19896	----a-w-	C:\Windows\System32\roboot64.exe
2012-11-14 06:11:44	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-11-14 06:02:49	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-02 05:59:11	478208	----a-w-	C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31	376832	----a-w-	C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52	561664	----a-w-	C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13	55296	----a-w-	C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13	226816	----a-w-	C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31	44032	----a-w-	C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31	193536	----a-w-	C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 13:29:40,19 ===============

[/CODE]
--- --- ---
--- --- ---
--- --- ---

Code:

ATTFilter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 29.01.2010 12:11:50
System Uptime: 05.01.2013 12:55:04 (1 hours ago)
.
Motherboard: Quanta |  | 306C
Processor: Intel(R) Core(TM)2 Duo CPU     T6600  @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 188,277 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2,097 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\LEGACY_TUNEUPUTILITIESDRV\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\LEGACY_TUNEUPUTILITIESDRV\0000
Service: 
.
==== System Restore Points ===================
.
RP921: 01.01.2013 22:01:58 - Windows-Sicherung
RP922: 02.01.2013 20:00:53 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP923: 02.01.2013 20:06:28 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP924: 02.01.2013 20:09:43 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP925: 02.01.2013 20:28:07 - Revo Uninstaller's restore point - Uniblue DriverScanner
RP926: 02.01.2013 20:31:16 - Revo Uninstaller's restore point - Uniblue DriverScanner
RP927: 02.01.2013 20:43:15 - Revo Uninstaller's restore point - 4Free Video Converter 2
RP928: 02.01.2013 20:59:19 - Revo Uninstaller's restore point - PowerDirector
RP929: 02.01.2013 21:00:02 - Konfiguriert PowerDirector
RP930: 02.01.2013 21:16:36 - Revo Uninstaller's restore point - Free Mp3 Wma Converter V 2.2
RP931: 02.01.2013 21:24:51 - Revo Uninstaller's restore point - IrfanView (remove only)
RP932: 02.01.2013 22:13:34 - RegClean Pro Mi, Jan 02, 13  22:13
RP933: 03.01.2013 21:25:34 - Revo Uninstaller's restore point - VTech Download Manager
RP934: 03.01.2013 21:42:15 - Revo Uninstaller's restore point - RegClean Pro
RP935: 03.01.2013 21:52:32 - Revo Uninstaller's restore point - RegClean Pro
RP936: 03.01.2013 22:20:52 - Windows Update
RP937: 04.01.2013 20:52:51 - OTL Restore Point - 04.01.2013 20:52:49
RP938: 05.01.2013 12:30:49 - Removed Internet Explorer Toolbar 4.6 by SweetPacks
RP939: 05.01.2013 12:35:30 - Removed Java(TM) 6 Update 37
RP940: 05.01.2013 12:38:43 - Removed Java(TM) 6 Update 14 (64-bit)
.
==== Installed Programs ======================
.
1.36
Acrobat.com
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.6
ArcSoft TotalMedia TV
Atheros Driver Installation Program
Avira Internet Security
AVS Photo Editor
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 4
AVS Video Recorder 2.4
AVS Video ReMaker 3.1.1.83
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Compatibility Pack für 2007 Office System
CyberLink DVD Suite
CyberLink YouCam
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX6000_CX5900 Benutzerhandb.
Free AVI Video Converter version 5.0.21.1212
Free DVD Video Converter version 2.0.13.1212
Free YouTube Download version 3.1.42.1212
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Photo Creations
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
IDT Audio
IrfanView (remove only)
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
MeGUI modern media encoder (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
muvee Reveal
NVIDIA Drivers
NVIDIA Grafiktreiber 276.00
NVIDIA Install Application
NVIDIA Systemsteuerung 276.00
NVIDIA Update 1.3.12
NVIDIA Update Components
Photohands 1.0G
PIF DESIGNER
PixiePack Codec Pack
PlanMaker Viewer
Power2Go
PowerRecover
QLBCASL
Radiotracker USB
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
SearchAnonymizer
Skype Click to Call
Skype™ 5.10
SweetPacks bundle uninstaller
swMSM
Synaptics Pointing Device Driver
TuneUp Utilities Language Pack (de-DE)
Ulead Movie Wizard SE VCD
VTech Download Agent Library
Windows Live-Uploadtool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
XSManager
.
==== End Of File ===========================

Und ryder...was wir beide nun???? :-)

ryder · 05.01.2013, 16:21

Jetzt kommt Combofix!

Scan mit Combofix

Zitat:

WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Mama · 05.01.2013, 16:59

So...Combofix ist fertig...

Code:

ATTFilter

ComboFix 13-01-05.01 - Mama 05.01.2013  16:47:20.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4063.2430 [GMT 1:00]
ausgeführt von:: c:\users\Mama\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Avira FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.3536.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-05 bis 2013-01-05  ))))))))))))))))))))))))))))))
.
.
2013-01-05 15:53 . 2013-01-05 15:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-03 22:02 . 2013-01-03 22:02	--------	d-----w-	c:\program files (x86)\PixiePack Codec Pack
2013-01-03 21:53 . 2013-01-03 21:53	--------	d-----w-	c:\users\Mama\AppData\Local\RapidSolution
2013-01-03 20:43 . 2013-01-03 20:46	2036	----a-w-	c:\windows\system32\ASOROSet.bin
2013-01-03 20:25 . 2012-11-02 09:51	185800	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\ProductExtend.exe
2013-01-03 20:25 . 2012-08-07 10:30	434112	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\UninstallWizard.exe
2013-01-03 20:25 . 2010-07-13 13:07	7826432	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtGui4.dll
2013-01-03 20:25 . 2010-06-24 01:16	2150400	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtCore4.dll
2013-01-03 20:25 . 2010-06-02 02:58	268800	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtSvg4.dll
2013-01-03 20:25 . 2010-06-02 02:29	934912	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtNetwork4.dll
2013-01-03 20:25 . 2010-06-02 02:28	335360	----a-w-	c:\programdata\Microsoft\Windows\Templates\VTechUninstall\QtXml4.dll
2013-01-02 20:28 . 2013-01-02 20:28	--------	d-----w-	c:\program files (x86)\IrfanView
2013-01-02 18:58 . 2013-01-05 13:09	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-12-31 20:50 . 2012-12-31 20:50	--------	d-----w-	c:\users\Mama\AppData\Roaming\HandBrake
2012-12-30 22:55 . 2012-12-30 22:55	--------	d-----w-	c:\windows\system32\IO
2012-12-30 22:05 . 2012-12-30 22:05	--------	d-----w-	C:\FFOutput
2012-12-30 21:08 . 2012-12-30 21:08	--------	d-----w-	c:\program files (x86)\Amazon
2012-12-30 20:48 . 2012-12-30 22:43	--------	d-----w-	c:\users\Mama\AppData\Roaming\Broad Intelligence
2012-12-30 20:48 . 2012-12-30 22:43	--------	d-----w-	c:\program files (x86)\MediaCoder
2012-12-30 19:56 . 2013-01-03 21:05	--------	d-----w-	c:\users\Mama\AppData\Roaming\systweak
2012-12-30 19:54 . 2012-12-30 19:57	--------	d-----w-	c:\program files (x86)\eRightSoft
2012-12-29 23:15 . 2012-12-29 23:16	--------	d-----w-	c:\programdata\UAB
2012-12-29 23:15 . 2012-12-29 23:15	--------	d-----w-	c:\users\Mama\AppData\Local\PC_Drivers_Headquarters
2012-12-29 23:05 . 2012-12-29 23:05	--------	d-----w-	c:\programdata\Driver Whiz
2012-12-29 23:03 . 2012-12-29 23:03	--------	d-----w-	c:\program files (x86)\Driver Whiz
2012-12-29 22:19 . 2012-12-29 22:19	--------	d-----w-	c:\users\Mama\AppData\Roaming\FreeCDRipper
2012-12-29 22:04 . 2012-12-31 20:23	--------	d-----w-	c:\program files (x86)\Free mp3 Wma Converter
2012-12-29 19:59 . 2012-11-29 15:06	37216	----a-w-	c:\windows\system32\uxtuneup.dll
2012-12-29 19:59 . 2012-11-29 15:06	29536	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2012-12-29 19:33 . 2012-12-31 20:37	--------	d-----w-	c:\users\Mama\AppData\Local\VisualBeeExe
2012-12-29 19:32 . 2012-12-31 20:34	--------	d-----w-	c:\programdata\VisualBee
2012-12-29 19:32 . 2013-01-02 19:30	--------	d-----w-	c:\program files (x86)\Uniblue
2012-12-29 19:32 . 2012-12-31 21:03	--------	d-----w-	c:\users\Mama\AppData\Roaming\DVDVideoSoft
2012-12-29 19:32 . 2012-12-31 21:03	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-29 19:32 . 2012-12-31 21:03	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2012-12-29 19:14 . 2012-11-29 15:06	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-12-29 19:14 . 2012-11-29 15:06	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-12-29 19:14 . 2012-11-29 15:06	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-12-29 19:13 . 2012-12-29 19:13	--------	d-----w-	c:\users\Mama\AppData\Roaming\TuneUp Software
2012-12-29 19:13 . 2012-12-31 13:06	--------	d-----w-	c:\programdata\TuneUp Software
2012-12-29 19:13 . 2012-12-29 20:12	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-29 19:13 . 2012-12-29 19:13	--------	d--h--w-	c:\programdata\Common Files
2012-12-29 19:13 . 2012-12-29 19:13	--------	d-----w-	c:\users\Mama\AppData\Roaming\4Free
2012-12-28 21:28 . 2012-12-28 21:28	--------	d-----w-	c:\users\Mama\AppData\Roaming\NVIDIA
2012-12-28 21:28 . 2012-12-28 22:05	--------	d-----w-	c:\users\Mama\AppData\Roaming\MOVAVI
2012-12-28 20:09 . 2012-03-23 18:58	11137024	----a-w-	c:\windows\SysWow64\libmfxsw32.dll
2012-12-20 22:27 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 22:27 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-20 22:27 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 22:27 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-18 13:25 . 2012-12-18 13:25	--------	d-----w-	c:\users\Mama\AppData\Roaming\Avira
2012-12-18 13:24 . 2012-12-18 08:42	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-12-18 13:24 . 2012-12-18 08:42	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-18 13:24 . 2012-12-18 08:42	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-18 13:24 . 2012-12-18 08:42	140936	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-12-18 13:24 . 2012-12-18 08:42	114168	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-12-18 13:24 . 2012-12-18 13:24	--------	d-----w-	c:\program files (x86)\Avira
2012-12-14 19:36 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0D0BC48-CACF-4F77-962C-6D9982ACF161}\mpengine.dll
2012-12-12 20:32 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-07 21:04 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2012-12-07 21:02 . 2013-01-03 20:50	--------	d-----w-	c:\users\UpdatusUser
2012-12-07 21:02 . 2012-12-07 21:02	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-12-07 21:01 . 2011-08-25 04:00	739432	----a-w-	c:\windows\system32\easyupdatusapiu64.dll
2012-12-07 21:00 . 2012-12-30 23:17	--------	d-----w-	c:\programdata\NVIDIA Corporation
2012-12-07 20:58 . 2012-12-31 13:06	--------	d-----w-	c:\program files\NVIDIA Corporation
2012-12-07 20:54 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-07 20:54 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-07 20:54 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-07 20:54 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-07 20:54 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-07 20:54 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-07 20:54 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-07 20:54 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-12-07 20:54 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-12-07 20:54 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-12-07 20:54 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 21:19 . 2010-05-27 18:22	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 21:29 . 2012-04-02 08:14	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 21:29 . 2011-05-15 18:57	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 17:37 . 2011-02-16 21:10	19896	----a-w-	c:\windows\system32\roboot64.exe
2012-10-25 19:02 . 2012-10-25 19:02	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-10-25 19:02 . 2012-10-25 19:02	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-25 19:02 . 2012-10-25 19:02	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-25 19:02 . 2012-10-25 19:02	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-10-25 19:02 . 2012-10-25 19:02	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-10-25 19:02 . 2012-10-25 19:02	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-10-25 19:02 . 2012-10-25 19:02	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-10-25 19:02 . 2012-10-25 19:02	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-10-25 19:02 . 2012-10-25 19:02	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-10-25 19:02 . 2012-10-25 19:02	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-10-25 19:02 . 2012-10-25 19:02	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-10-25 19:02 . 2012-10-25 19:02	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-10-25 19:02 . 2012-10-25 19:02	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-10-25 19:02 . 2012-10-25 19:02	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-10-25 19:02 . 2012-10-25 19:02	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-10-25 19:02 . 2012-10-25 19:02	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-10-25 19:02 . 2012-10-25 19:02	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-10-25 19:02 . 2012-10-25 19:02	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-10-25 19:02 . 2012-10-25 19:02	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-10-25 19:02 . 2012-10-25 19:02	82432	----a-w-	c:\windows\system32\icardie.dll
2012-10-25 19:02 . 2012-10-25 19:02	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-10-25 19:02 . 2012-10-25 19:02	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-10-25 19:02 . 2012-10-25 19:02	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-10-25 19:02 . 2012-10-25 19:02	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-10-25 19:02 . 2012-10-25 19:02	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-10-25 19:02 . 2012-10-25 19:02	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-10-25 19:02 . 2012-10-25 19:02	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-10-25 19:02 . 2012-10-25 19:02	448512	----a-w-	c:\windows\system32\html.iec
2012-10-25 19:02 . 2012-10-25 19:02	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-10-25 19:02 . 2012-10-25 19:02	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-10-25 19:02 . 2012-10-25 19:02	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-10-25 19:02 . 2012-10-25 19:02	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-10-25 19:02 . 2012-10-25 19:02	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-10-25 19:02 . 2012-10-25 19:02	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-10-25 19:02 . 2012-10-25 19:02	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-10-25 19:02 . 2012-10-25 19:02	222208	----a-w-	c:\windows\system32\msls31.dll
2012-10-25 19:02 . 2012-10-25 19:02	197120	----a-w-	c:\windows\system32\msrating.dll
2012-10-25 19:02 . 2012-10-25 19:02	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-10-25 19:02 . 2012-10-25 19:02	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-10-25 19:02 . 2012-10-25 19:02	160256	----a-w-	c:\windows\system32\wextract.exe
2012-10-25 19:02 . 2012-10-25 19:02	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-10-25 19:02 . 2012-10-25 19:02	149504	----a-w-	c:\windows\system32\occache.dll
2012-10-25 19:02 . 2012-10-25 19:02	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-10-25 19:02 . 2012-10-25 19:02	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-10-25 19:02 . 2012-10-25 19:02	12288	----a-w-	c:\windows\system32\mshta.exe
2012-10-25 19:02 . 2012-10-25 19:02	114176	----a-w-	c:\windows\system32\admparse.dll
2012-10-25 19:02 . 2012-10-25 19:02	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-10-25 19:02 . 2012-10-25 19:02	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-10-25 19:02 . 2012-10-25 19:02	103936	----a-w-	c:\windows\system32\inseng.dll
2012-10-16 08:38 . 2012-11-28 18:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 18:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 18:42	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 16:57	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 16:57	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 16:57	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 16:57	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_2A21C23C669AC3D64924D1229AADD79B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"starter4g"="c:\windows\starter4g.exe" [2010-04-01 159912]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-18 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2010-11-04 117888]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [2010-11-04 63648]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-12-18 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-12-18 27800]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-12-18 656672]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-12-18 400160]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-18 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-18 565024]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-12-26 40960]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-01 145064]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-12-18 114168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:29]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-24 17:58]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-24 17:58]
.
2013-01-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-26 22:05]
.
2012-12-10 c:\windows\Tasks\HPCeeScheduleForMAMA-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
2013-01-04 c:\windows\Tasks\HPCeeScheduleForMama.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TotalMediaTVMonitor"="c:\program files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe" [2010-04-13 307200]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"Ocs_SM"="c:\users\Mama\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-12-26 106496]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Mama\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - (no file)
Toolbar-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - (no file)
Wow6432Node-HKCU-Run-DriverScanner - c:\program files (x86)\Uniblue\DriverScanner\launcher.exe
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
WebBrowser-{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Amazon Browser Bar - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-05  16:55:56
ComboFix-quarantined-files.txt  2013-01-05 15:55
.
Vor Suchlauf: 10 Verzeichnis(se), 199.902.633.984 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 199.889.317.888 Bytes frei
.
- - End Of File - - D0ED247864DB51F87D8B638BB3A8FCFE

ryder · 05.01.2013, 17:02

Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.

Schritt 1:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung

Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.

Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.

Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.

Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.

Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2:
ESET Online Scanner

Zitat:

Wichtig:
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten!
Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Bitte hier klicken --->
Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden, installieren und starten.

IE-User müssen das Installieren eines ActiveX Elements erlauben.

Setze den einen Haken bei Yes, i accept the Terms of Use/Ja, ich stimme ... zu und drücke den Button.

Warte bis die Komponenten herunter geladen wurden.

Setze einen Haken bei "Scan archives/Archive prüfen" und entferne den Haken bei Remove Found Threads/Entdeckte Bedrohungen entfernen.

drücken. Die Signaturen werden herunter geladen und der Scan beginnt automatisch und kann sehr lange (einige Stunden) dauern!

Wenn der Scan beendet wurde
Klicke und dann

Speichere das Logfile als ESET.txt auf dem Desktop.

Klicke Back und Finish

Bitte poste die ESET.txt hier oder teile mir mit, dass nichts gefunden wurde.

Schritt 3:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck: LINK1 LINK2
Speichere es auf dem Desktop.

Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Mama · 05.01.2013, 18:46

Ryder...mit dem Link in Schritt 1 zur "Malwarebytes" komme ich nicht klar, ich werde zu einer anderen englischen Seite weitergeleitet, wo ich mich registrieren müsste.

Haste dafür vielleicht noch eine andere Möglichkeit?

Du Ryder....insgesamt habe ich schon mal das Gefühl, dass alles geschmeidiger und schneller läuft.
Aber...habe jetzt mal wieder versucht, für den Storio2 von Vtech mir den Downloade Manager auf dem Lapi zu installieren (ich hatte ihn vor ein paar Tagen schon mal drauf, durch meine Probleme hatte ich ihn wieder deinstalliert)....aber leider kann ich ihn nur hochladen....bei der tatsächlichen Installation macht der nur 4 %, dann bricht er ab und sagt, Fehler im System...boote Dein Computer neu....und wenn ich das mache, danach wieder das gleiche.....
warum kann ich bloß dat Ding nicht installieren??? Habe es auf unserem anderen PC versucht, da klappt es sofort! Wat ist das bloß??

ryder · 05.01.2013, 20:13

Du sollst nichts ausser dem machen, was ich dir anweise. Das steht in den Regeln und du hast sie gelesen.

Der Link zu Malwarebytes ist okay. Du solltest auf Filepony kommen und da ist rechts oben der Downloadlink.

05.01.2013, 12:01	#7
ryder /// TB-Ausbilder	kann nicht downloden...Downlods werden abgebrochen>>erscheint Systemfehler u boote neu Ja, mach das und dann arbeite meine Schritte ab __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

05.01.2013, 12:24	#9
ryder /// TB-Ausbilder	kann nicht downloden...Downlods werden abgebrochen>>erscheint Systemfehler u boote neu Das ist nicht nötig. Wir schaffen das auch so. Also los! __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

05.01.2013, 20:13	#15
ryder /// TB-Ausbilder	kann nicht downloden...Downlods werden abgebrochen>>erscheint Systemfehler u boote neu Du sollst nichts ausser dem machen, was ich dir anweise. Das steht in den Regeln und du hast sie gelesen. Der Link zu Malwarebytes ist okay. Du solltest auf Filepony kommen und da ist rechts oben der Downloadlink. __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

kann nicht downloden...Downlods werden abgebrochen>>erscheint Systemfehler u boote neu

Log-Analyse und Auswertung: kann nicht downloden...Downlods werden abgebrochen>>erscheint Systemfehler u boote neu