Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Telekom Brief; Verdacht auf Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.06.2013, 14:35   #1
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Hallo Trojaner-Board Gemeinde,

ich habe vor einigen Tagen einen Brief von der Telekom erhalten, in der steht, dass mein Internetzugang benutzt wurde um fremde Computer zu hacken. Deswegen wollte ich meinen PC auf Viren und Schädlingsprogramme untersuchen.

Nun zu meinem Problem, ich hab leider nicht so viel Ahnung in diesem Bereich. Ich habe gestern mit Malwarebytes schon einmal einen vollständigen Scan durchlaufen lassen. Bei meinem PC wurde eine "Trojan.Spyeye"(C:\Recycle.bin(Trojan.Spyeye)) und zwei "PUP.FakeFlash.Domaiq"(C:\Users\Mui\Downloads\FlashPlayer_V.121027780c.exe und C:\Users\Mui\Downloads\FlashPlayer_V.121048706c.exe) gefunden. Auf dem Laptop wurde nur eine "PUP.Blabbers"(C:\Program Files\BrowserCompanion\BCHelper.exe) gefunden. Ich hoffe, ihr könnt mir dabei helfen. Ein weiteres Problem ist, dass ich einen PC und einen Laptop besitze und ich weiss nicht, auf welchem jetzt eine Spyware drauf ist. Ich hoffe es ist nicht allzu umständlich für euch.

hier sind die Log Dateien:
Log Datei vom PC:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.07.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Mui :: MUI-PC [Administrator]

07.06.2013 13:34:58
mbam-log-2013-06-07 (13-34-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352503
Laufzeit: 51 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Mui\Downloads\FlashPlayer_V.121027780c.exe (PUP.FakeFlash.Domaiq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mui\Downloads\FlashPlayer_V.121048706c.exe (PUP.FakeFlash.Domaiq) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Log Datei vom Laptop:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.07.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
FUJITSU :: FUJITSU-PC [Administrator]

7/6/2013 13:39:04
mbam-log-2013-06-07 (13-39-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355263
Laufzeit: 1 Stunde(n), 12 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Vielen Dank schon mal im Voraus!

LG

Treengo

Alt 08.06.2013, 15:45   #2
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 08.06.2013, 16:39   #3
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Vielen Dank für die Antwort!

Da der Inhalt der beiden OTL.txt und Extras.txt zu groß sind für einen Beitrag, muss ich es in zwei Beiträge aufteilen. Ich hoffe, das ist für Sie in Ordnung.

PC:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 08.06.2013 17:06:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mui\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 49,74% Memory free
6,72 Gb Paging File | 5,35 Gb Available in Paging File | 79,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,30 Gb Total Space | 306,13 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
Drive D: | 20,44 Gb Total Space | 10,37 Gb Free Space | 50,70% Space Free | Partition Type: FAT32
 
Computer Name: MUI-PC | User Name: Mui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.08 17:03:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mui\Desktop\OTL.exe
PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013.05.12 10:28:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.12 10:27:43 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.12 10:27:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.12 10:27:35 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.08 02:56:38 | 006,727,544 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Programme\FilesFrog Update Checker\update_checker.exe
PRC - [2013.01.23 04:57:34 | 003,682,168 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSKernel.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.06 11:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.09.02 23:48:30 | 000,016,384 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.24 23:27:38 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.28 11:43:14 | 001,486,848 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.03.08 13:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:54 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008.01.21 04:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.13 02:37:30 | 000,449,968 | ---- | M] () -- D:\PPS.tv\PPStream\powerlua.dll
MOD - [2011.09.02 23:48:30 | 000,143,360 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\bwfiles.dll
MOD - [2011.09.02 23:48:30 | 000,049,152 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.09.02 23:48:30 | 000,020,480 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.09.02 23:48:30 | 000,016,384 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2011.07.17 21:32:29 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.08.28 05:31:08 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.12 10:28:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.12 10:27:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.05.12 10:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.12 10:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.12 10:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.12 10:28:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.02.23 10:48:36 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.08.17 13:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.05 08:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002.06.10 08:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CamDrL21.sys -- (PhilCam8116)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=AA9CBCAEC5D759CF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=AA9CBCAEC5D759CF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 9F 7F 8F 65 EA CB 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=AA9CBCAEC5D759CF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_de
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mui\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mui\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.24 23:27:47 | 000,000,000 | ---D | M]
 
[2013.06.08 17:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=AA9CBCAEC5D759CF
CHR - Extension: No name found = C:\Users\Mui\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Mui\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adblock IE) - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Programme\MGTEK\Adblock IE\adblockie.dll (MGTEK)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ehycex] C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mui\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [awde7zip22994]  File not found
O4 - Startup: C:\Users\Mui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mui\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C52ABCC1-6FB8-4295-AB3D-65F69F759300}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 17:03:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mui\Desktop\OTL.exe
[2013.06.08 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\Mui\Local Settings
[2013.06.08 17:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.08 17:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.08 17:02:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.06.08 17:02:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.06.08 17:02:14 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.08 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.08 17:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\BabSolution
[2013.06.08 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.08 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Delta
[2013.06.08 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.08 17:01:41 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Babylon
[2013.06.08 17:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.08 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013.06.08 17:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker
[2013.06.07 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Malwarebytes
[2013.06.07 13:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.07 13:30:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.07 13:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.07 13:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.12 10:40:38 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Avira
[2013.05.12 10:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.12 10:34:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.12 10:34:39 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.12 10:34:39 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.12 10:34:39 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.12 10:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.12 10:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.04 21:19:04 | 078,545,304 | ---- | C] (Apple Inc.) -- C:\Users\Mui\iTunesSetup.exe
[2011.10.10 20:13:36 | 029,363,192 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Mui\TeamSpeak3-Client-win32-3.0.1.exe
[2011.09.02 23:36:08 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Mui\FacebookVideoCallSetup_v1.2.203.0.exe
[2011.08.31 13:37:35 | 004,179,293 | ---- | C] (Lavalys, Inc.                                               ) -- C:\Users\Mui\everesthome220.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 17:03:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mui\Desktop\OTL.exe
[2013.06.08 17:01:39 | 000,000,966 | ---- | M] () -- C:\Users\Mui\Desktop\Check for Updates.lnk
[2013.06.08 16:33:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 16:06:22 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 16:06:22 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 15:20:29 | 000,617,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 15:20:29 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 15:20:29 | 000,125,824 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 15:20:29 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.08 14:46:01 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000UA.job
[2013.06.08 08:46:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000Core.job
[2013.06.08 08:06:25 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 08:06:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 08:06:17 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 23:13:20 | 000,015,360 | ---- | M] () -- C:\Users\Mui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.07 22:50:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C2618CAF-3356-4046-B5FE-FBFA09391981}.job
[2013.06.07 13:30:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 19:37:29 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.12 10:35:00 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.12 10:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.12 10:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.12 10:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.12 10:28:32 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
 
========== Files Created - No Company Name ==========
 
[2013.06.08 17:01:39 | 000,000,966 | ---- | C] () -- C:\Users\Mui\Desktop\Check for Updates.lnk
[2013.06.07 13:30:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.12 10:35:00 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.08 16:45:52 | 000,035,013 | ---- | C] () -- C:\Users\Mui\booking_20120908-00223[1].pdf
[2011.11.02 20:46:40 | 001,531,359 | ---- | C] () -- C:\Users\Mui\wrar401d.exe
[2011.10.12 23:23:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.03 00:03:39 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.09.02 23:48:30 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2011.09.02 22:31:10 | 018,460,672 | ---- | C] () -- C:\Users\Mui\SkypeSetup_5.5.0.115.msi
[2011.08.05 21:18:59 | 000,001,670 | ---- | C] () -- C:\Users\Mui\League of Legends spielen .lnk
[2011.07.27 22:13:51 | 001,264,480 | ---- | C] () -- C:\Users\Mui\CHECK24_Anfahrtsbeschreibung_klein.pdf
[2011.07.17 22:17:55 | 001,152,079 | ---- | C] () -- C:\Users\Mui\Berwerbung Ka-Wai Lung bei Check 24.zip
[2011.07.17 21:27:04 | 168,166,968 | ---- | C] () -- C:\Users\Mui\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2011.06.23 11:55:56 | 000,015,360 | ---- | C] () -- C:\Users\Mui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.20 16:09:55 | 000,000,774 | ---- | C] () -- C:\Users\Mui\Little Fighter 2.lnk
[2011.03.18 21:28:05 | 000,009,944 | ---- | C] () -- C:\Users\Mui\AppData\Local\d3d9caps.dat
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Mui\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Mui\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Mui\openofficeorg1.cab
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.09 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Audacity
[2013.05.18 10:03:21 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Avygz
[2013.04.29 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Azgiqy
[2013.06.08 17:02:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\BabSolution
[2013.06.08 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Babylon
[2013.06.08 17:01:59 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Delta
[2012.10.17 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\DVDVideoSoft
[2012.10.17 21:17:17 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.16 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Ebuto
[2013.04.28 08:58:01 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Gymyo
[2011.08.05 22:20:36 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\LolClient
[2013.04.28 22:33:54 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Maawq
[2011.04.12 23:10:48 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\NJStar
[2012.10.17 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\OpenCandy
[2011.07.17 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\OpenOffice.org
[2013.06.08 12:56:46 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\PPStream
[2011.03.25 12:45:59 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Tencent
[2011.10.12 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\TS3Client
[2012.10.17 21:18:18 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\TuneUp Software
[2013.04.24 08:49:48 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Uwtapo
[2013.05.03 08:09:30 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Viegr
[2013.05.20 18:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Xuqile
[2013.04.29 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Yhdyx
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.03.18 21:28:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.18 21:19:50 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.18 21:26:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.17 21:17:05 | 000,000,000 | ---D | M] -- C:\Free YouTube to MP3 Converter
[2011.03.18 21:41:56 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.09 22:54:04 | 000,000,000 | ---D | M] -- C:\PPSDownload
[2013.06.08 12:56:49 | 000,000,000 | ---D | M] -- C:\ppsvodcache
[2013.06.08 17:02:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.08 17:02:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.18 21:26:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.05 21:15:01 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.06.08 17:08:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.12 23:43:03 | 000,000,000 | ---D | M] -- C:\temp
[2011.08.31 23:02:12 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.13 00:09:44 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.01.21 04:24:48 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.24 23:28:01 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.24 23:28:04 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.08.06 21:09:29 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C2618CAF-3356-4046-B5FE-FBFA09391981}.job
[2011.09.02 23:36:16 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000Core.job
[2011.09.02 23:36:17 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2011.07.17 22:18:03 | 001,152,079 | ---- | M] () -- C:\Users\Mui\Berwerbung Ka-Wai Lung bei Check 24.zip
[2012.09.08 16:45:52 | 000,035,013 | ---- | M] () -- C:\Users\Mui\booking_20120908-00223[1].pdf
[2011.07.27 22:14:03 | 001,264,480 | ---- | M] () -- C:\Users\Mui\CHECK24_Anfahrtsbeschreibung_klein.pdf
[2011.08.31 13:37:49 | 004,179,293 | ---- | M] (Lavalys, Inc.                                               ) -- C:\Users\Mui\everesthome220.exe
[2011.09.02 23:36:12 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Mui\FacebookVideoCallSetup_v1.2.203.0.exe
[2012.10.04 21:19:05 | 078,545,304 | ---- | M] (Apple Inc.) -- C:\Users\Mui\iTunesSetup.exe
[2011.08.05 21:18:59 | 000,001,670 | ---- | M] () -- C:\Users\Mui\League of Legends spielen .lnk
[2011.04.20 16:09:55 | 000,000,774 | ---- | M] () -- C:\Users\Mui\Little Fighter 2.lnk
[2013.06.08 17:13:45 | 003,407,872 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT
[2013.06.08 17:13:44 | 000,262,144 | -H-- | M] () -- C:\Users\Mui\ntuser.dat.LOG1
[2011.03.18 21:28:05 | 000,000,000 | -H-- | M] () -- C:\Users\Mui\ntuser.dat.LOG2
[2013.06.07 23:27:11 | 000,065,536 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.06.07 23:27:11 | 000,524,288 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.12.04 09:59:21 | 000,524,288 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.03.18 21:28:05 | 000,000,020 | -HS- | M] () -- C:\Users\Mui\ntuser.ini
[2011.07.17 21:27:05 | 168,166,968 | ---- | M] () -- C:\Users\Mui\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | M] () -- C:\Users\Mui\openofficeorg1.cab
[2011.01.19 13:34:42 | 003,003,392 | ---- | M] () -- C:\Users\Mui\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | M] () -- C:\Users\Mui\setup.exe
[2011.09.02 22:31:10 | 018,460,672 | ---- | M] () -- C:\Users\Mui\SkypeSetup_5.5.0.115.msi
[2011.10.10 20:13:36 | 029,363,192 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Mui\TeamSpeak3-Client-win32-3.0.1.exe
[2011.11.02 20:46:45 | 001,531,359 | ---- | M] () -- C:\Users\Mui\wrar401d.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 08.06.2013 17:06:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mui\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 49,74% Memory free
6,72 Gb Paging File | 5,35 Gb Available in Paging File | 79,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,30 Gb Total Space | 306,13 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
Drive D: | 20,44 Gb Total Space | 10,37 Gb Free Space | 50,70% Space Free | Partition Type: FAT32
 
Computer Name: MUI-PC | User Name: Mui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E72166-D3DD-4513-A37D-6F76A811C9C2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{03BBE0F9-E66A-42D6-9BAB-637A60E2EB1C}" = dir=in | app=d:\pps.tv\ppsgame\updater.exe | 
"{085E7FF6-89D1-4148-8574-63EC74C2B1B0}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\auclt.exe | 
"{1E54B754-DC8E-4393-9C02-117BAEC59E94}" = dir=in | app=c:\users\mui\appdata\roaming\ppstream\ppsupdate.exe | 
"{2D9E9D4D-C326-4968-8EB0-348647C2B169}" = dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{3428B75E-579B-4FA7-9FBC-DD48A48985F8}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{3A65146A-F86F-4EDD-A955-8F16C76A3D4B}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{3E83FD96-A2DC-4FF6-83C2-5D60E25A2C39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{47932D75-D3DB-4595-A25E-73954B5E0EFD}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{4897A6DA-A97D-4D28-9B42-2D91B770E409}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{59A40C6B-A3F0-464D-BD6F-43D69BBAD641}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{60CF5D25-3C5C-4B8B-B503-9FE5945D3E70}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{6D9CB6FF-8CFB-4F98-B44F-ECBD9464BF48}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{724F93FA-FBBF-4750-89EB-C9184ED38BC0}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{8776E7B3-50D3-475E-B9E7-D57D2590C9E8}" = dir=in | app=d:\pps.tv\ppsgame\ppswebclientgame.exe | 
"{A293D0D4-06F2-491F-8ED6-2684D4783E0F}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe | 
"{AAC4CE4A-7701-443C-92E7-F746DECCAE4E}" = dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"{AAD55EF2-C634-450D-B0CD-F54303307694}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\auclt.exe | 
"{B4F3BA99-2AAA-4214-8100-85641CAD25B0}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{C2B2328E-5748-47EA-9DC4-E5536428FE1F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe | 
"{CEADC890-45F8-4E1B-91A4-FF57121FEA6E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CF8096B9-0816-48D6-A62C-A03D46F6CD58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC07682A-BD21-4A91-9610-F69CE76830B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAA54763-317F-4FB3-9276-580333D272DA}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\txupd.exe | 
"{F0675CA8-7322-4994-8808-96231C890BB9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F3798E6B-D622-4F4B-A851-BB7C3B758B17}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F3ADB6D0-9E99-4EDA-9C85-959C7D2D5F11}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F3BD7D67-4C24-4ECE-A8A4-6B8070A1A23C}" = dir=in | app=c:\users\mui\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F84CF247-42E4-4955-84D2-895CF520BA3B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F9F257B8-75E4-4BE7-8570-09D8C5659833}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{FB4A7971-430C-43C6-8B09-9878836EDA3F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\txupd.exe | 
"{FBED8A37-002F-4559-B94B-7BB88239E0DD}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{FC319A6F-A2FA-4BD5-A2B3-6A2F5665DE29}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{0086F261-DD58-4083-A9DE-91FCCE712D8B}C:\users\mui\datensicherung\documents\lf2.exe" = protocol=6 | dir=in | app=c:\users\mui\datensicherung\documents\lf2.exe | 
"TCP Query User{08887054-8139-4D06-A7D3-93B3CDD8EC07}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{102E83D2-4F8B-48F5-9456-0E835DCC9C42}C:\users\mui\downloads\r-lf2\r-lf2\lf2.exe" = protocol=6 | dir=in | app=c:\users\mui\downloads\r-lf2\r-lf2\lf2.exe | 
"TCP Query User{32B88FF6-38AF-432A-942F-D4D5FF35D017}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{45602BDF-2727-47DD-AD0F-F275DBC9472E}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{576B86F5-B270-4814-B85F-AF6A8B9CFD6E}D:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe | 
"TCP Query User{5E02096F-55A2-42F9-BA32-940FAB96C40D}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{64447110-BFB5-447B-817F-6F0353DF99A1}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{6B238FC1-ECB5-4C87-979C-E5AA2D36E045}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"TCP Query User{6C9D6D7C-7B9C-4864-9813-A1DE78E87DC8}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{73AE9F2C-2050-432E-AF16-E6D5FCF4D2D5}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{8541BB5F-A7AF-450E-ACC0-B14D186B9CA6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A8A51FBD-E125-4430-8472-0606E5105166}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"TCP Query User{B7751303-A987-47DA-8E33-B887B56C01A9}D:\pps.tv\ppstream\ppskernel.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"TCP Query User{CB3B9B4B-8FB1-41B1-975F-A4B931CA5F11}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{EB85E72F-8F0C-4060-A56D-1E999730DDB4}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{F3EF48A5-05F3-4CA0-855E-AF90A5FF970A}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{0542C2D8-C775-40E6-8649-2D62FE423773}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{06FE0103-F800-410F-8B4A-32FE2BD2FD15}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{15E467AF-9587-430D-9EF7-0D5D4FB1A9C4}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{227004B6-6FFC-4972-836D-ED7C10071AD6}C:\users\mui\downloads\r-lf2\r-lf2\lf2.exe" = protocol=17 | dir=in | app=c:\users\mui\downloads\r-lf2\r-lf2\lf2.exe | 
"UDP Query User{2A6A8ACD-93AC-4F6B-83E2-A2E197C87210}C:\users\mui\datensicherung\documents\lf2.exe" = protocol=17 | dir=in | app=c:\users\mui\datensicherung\documents\lf2.exe | 
"UDP Query User{3602C5CB-3372-4711-8777-DC2DA01D585F}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{413643D5-AE33-4661-881F-7E407FD32CB5}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{617057E2-63FF-496A-ADC4-47C82945E2CD}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{672A2DEA-E220-411E-8AC6-320C0CCA6A86}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{98CDF29F-18C2-4EE6-BCCE-C3B4249309EB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A715CD06-D14F-4946-8CB2-CD8C5F2AE42C}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{A9490DBB-47BE-4233-93F4-808EE7F0EFBF}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"UDP Query User{D2C652B1-3432-4A5F-940C-55579630E02C}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"UDP Query User{DD2B4545-FA72-4945-8D8F-068728EB7EB1}D:\pps.tv\ppstream\ppskernel.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"UDP Query User{E6C32ED9-8A0A-41F2-B6A0-811456236BD8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{FB374624-716E-466A-AF2C-E78236B53DB5}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{56D01524-CD68-4576-B1AE-D572E8EAFF3D}" = Adblock IE 2.2
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FilesFrog Update Checker" = FilesFrog Update Checker
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NJStar Communicator" = NJStar Communicator
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PPSGame" = PPSGame V1.0.2.6
"PPStream" = PPStream V2.7.0.1516 Final
"RealPlayer 12.0" = RealPlayer
"Searchqu Toolbar" = Searchqu Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 0.9.6
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2012 10:23:20 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.03.2012 12:30:05 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.03.2012 15:13:00 | Computer Name = Mui-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19088 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. überprüfen Sie den Problemverlauf im Applet
 "L?sungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1648  Anfangszeit: 01cd0c3c952d6aa5  Zeitpunkt
 der Beendigung: 17
 
Error - 27.03.2012 18:04:07 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 02:27:48 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 11:01:38 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 18:02:09 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 02:25:29 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 10:31:08 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 12:40:35 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.06.2013 08:43:46 | Computer Name = Mui-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2013 09:17:25 | Computer Name = Mui-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.06.2013 09:20:19 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 07.06.2013 09:20:19 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.06.2013 16:46:41 | Computer Name = Mui-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.06.2013 16:49:53 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 07.06.2013 16:49:53 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.06.2013 02:06:23 | Computer Name = Mui-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.06.2013 02:09:07 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 08.06.2013 02:09:07 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Die Dateien für Laptop folgen gleich.
__________________

Alt 08.06.2013, 16:42   #4
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Hier sind die OTL.txt und Extras.txt Dateien für den Laptop:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 8/6/2013 17:08:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\FUJITSU\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy
 
2.95 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.97% Memory free
6.13 Gb Paging File | 4.98 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 62.37 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 144.61 Gb Total Space | 144.15 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-PC | User Name: FUJITSU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/08 17:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FUJITSU\Desktop\OTL.exe
PRC - [2013/05/29 05:13:51 | 003,918,200 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSKernel.exe
PRC - [2013/05/28 12:20:33 | 005,496,696 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/06 14:06:08 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/27 20:49:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/27 20:48:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/27 20:48:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2009/12/17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/19 06:00:09 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/08/19 05:37:08 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/23 03:51:00 | 000,290,816 | ---- | M] (Vimicro) -- C:\Windows\VM331_STI.EXE
PRC - [2008/07/07 01:06:46 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2008/07/07 01:00:50 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/07/07 01:00:44 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/07/07 00:57:20 | 001,165,152 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2008/06/30 03:36:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2008/06/03 08:43:18 | 000,131,072 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
PRC - [2008/05/24 01:07:00 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2008/05/23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/05/14 03:45:04 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/04/24 22:10:52 | 000,268,840 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2008/04/15 08:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/04/01 04:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/02/22 19:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/02/06 00:17:24 | 000,047,656 | ---- | M] (.) -- C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe
PRC - [2008/02/01 08:35:20 | 000,062,760 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
PRC - [2008/02/01 03:37:40 | 000,088,616 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2008/01/21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/08/03 00:20:00 | 000,011,264 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
PRC - [2007/08/03 00:18:00 | 000,167,936 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\updnavi\updatenv.exe
PRC - [2007/02/06 19:00:12 | 000,068,400 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2006/11/07 23:45:38 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/01/09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2012/01/08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/07 00:19:08 | 000,050,456 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\gc.dll
MOD - [2005/07/23 06:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/17 13:02:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 12:36:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 20:49:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 20:48:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2009/12/17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008/08/19 06:00:09 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/07/07 01:00:44 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/05/23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/22 19:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/02/01 08:35:20 | 000,062,760 | R--- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/08/03 00:20:00 | 000,011,264 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\updnavi\updnvsrv.exe -- (UpdateNaviInstallService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/03/27 20:49:11 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 20:49:11 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 20:49:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/21 01:25:40 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/08/21 01:25:40 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/21 01:25:40 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/19 06:00:09 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/25 07:19:00 | 000,975,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/07/01 04:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/23 12:07:16 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/05/14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/04/24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/18 15:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/03/19 09:15:00 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/11/02 09:30:52 | 000,030,720 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/11/01 13:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 13:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2005/01/07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hk.fujitsu.com/pc
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hk.fujitsu.com/pc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.plusnetwork.com/?sp=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.5:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.plusnetwork.com/?sp=addr&q="
FF - prefs.js..network.proxy.http: "195.64.196.242"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013/01/19 22:58:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/17 13:02:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/17 13:02:04 | 000,000,000 | ---D | M]
 
[2010/01/02 12:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Extensions
[2013/05/08 22:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Firefox\Profiles\yywmxr00.default\extensions
[2011/12/18 19:12:28 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Firefox\Profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com
[2013/04/06 11:29:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Firefox\Profiles\yywmxr00.default\extensions\ich@maltegoetz.de
[2012/12/11 23:47:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/08 22:34:12 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/08 13:01:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\007e9a9f5b0553de6731549af9d8167d_expire
[2012/05/31 12:05:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\01e5db4d4b4e067ef2417404c7741115_expire
[2013/03/23 22:52:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2011/11/25 22:46:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\035f82295f0ff55a33ccf300bf57631f_expire
[2013/02/16 22:40:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0bb66476c57d47d5a6fb7e7674377c0d_expire
[2012/05/23 14:36:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\102f6f0e8ada94b46176ac3fd91eb694_expire
[2013/04/07 23:08:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire
[2012/05/23 14:10:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1b4f137ffe0d6bcea65e445742e8e685_expire
[2012/12/23 14:53:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire
[2013/06/07 21:15:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1ba8dcb77ad3084a8e9c7b8837e6b859_expire
[2012/05/27 22:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1cae717a609d46190f77658ee7768d03_expire
[2013/03/10 17:09:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1d8715bd00dbafbff504a0b9666c85e1_expire
[2013/06/07 21:15:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1dd4a0fdeff86d7113af5bf9018092d1_expire
[2013/02/16 22:40:09 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire
[2012/07/02 22:25:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire
[2013/06/07 21:15:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire
[2013/06/07 21:15:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire
[2012/07/10 11:25:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24aabe24d9b7b4a445fe1ddff60ce74d_expire
[2013/05/16 21:24:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\277a8fa54e28ecd52962c65ae09f7923_expire
[2013/04/30 20:45:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\27995a315232c8f0f18115234b83c42a_expire
[2012/05/27 22:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2800659db32f1a307bd9575f27a4bce9_expire
[2013/03/25 23:35:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2011/12/19 21:33:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\295cc53b8adc91e6b0dcd86f727c138a_expire
[2013/06/08 16:59:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\29885a00fc20421354db5b581d6fb9c7_expire
[2013/02/20 00:05:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012/05/23 14:08:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2c53d289972e69e7e81577c21fdd593b_expire
[2013/06/08 16:59:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e699bb621ffe89ade68eaef9df0d2d9_expire
[2012/08/11 22:09:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012/07/08 15:44:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2f69b14b68c25849cfb7abc31c5355f8_expire
[2012/12/19 21:39:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3023ea304694934d7ae4a2980eb93de4_expire
[2013/06/07 21:15:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\35be5402f067ffc68e907e81a84fb1f3_expire
[2013/04/20 11:05:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\38126fd00e0eb9d5ca912a5939b4755d_expire
[2012/08/17 16:57:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire
[2013/04/07 20:15:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3d7ac6206caeabc3e5955ad4ede73a32_expire
[2012/06/06 23:41:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3ee6bbef623a0ac7077352d3a4953dd7_expire
[2012/07/08 15:44:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\409dc4ca65bcc01439d855c7dd3360ea_expire
[2012/10/30 22:56:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\40e3ea44623e1e5db2de1acdf7eb2f8a_expire
[2012/07/09 11:34:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\47c8e93101435074defa1a58122ad1c7_expire
[2012/05/20 22:50:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4870f5baa646c6a601303fa8f1dad6ef_expire
[2012/08/28 15:58:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire
[2013/06/02 00:20:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012/09/04 18:21:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ee61aeb9faeedf9f688a467a779ea96_expire
[2013/05/19 20:38:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\523d7b210506c14afc813021ceca69ca_expire
[2013/06/08 12:07:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\530e52021dc20843b1aa62957edeb9f8_expire
[2012/05/31 12:05:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5417125bc3e532bbf6507d4c7d8ac7b0_expire
[2013/06/08 16:59:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5788583a7409be95d97bfac3cdfea8c1_expire
[2012/05/20 13:40:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\579b035f19e1a0707f0294f32edcfa39_expire
[2012/05/23 14:08:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5a8686d61969b81997733c782fc226cf_expire
[2013/05/25 00:19:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire
[2013/06/07 21:15:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5cdf8a7ef2ec84abac286c67587b78d9_expire
[2013/06/08 16:59:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5da170010c7d60c511b102f5dcf6ae5b_expire
[2012/05/23 14:08:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5ed19da221283f299333684825c61a6b_expire
[2012/10/20 21:50:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\608fb1265439dbf7f648e04f0f11d4c1_expire
[2012/09/04 18:21:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012/11/19 20:01:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\667befd0f3f7c8fde6cea034bd9f8e61_expire
[2013/01/01 14:14:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire
[2013/01/08 18:58:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire
[2013/04/21 22:50:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire
[2012/05/23 14:10:38 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\762f321c310035dacba4539d731284ce_expire
[2012/04/10 22:38:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\768412a1c6e2f386bd41b5670d561fc4_expire
[2012/10/21 21:50:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\77f74a3ba17cc6583beabc2a8d7e13db_expire
[2012/07/24 17:45:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire
[2012/07/11 22:55:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7afc04f75c99af49b833d06743e69768_expire
[2013/06/07 01:36:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7c0022298b948a99e406a6310bffea7f_expire
[2013/06/07 21:15:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\80bdd74895296ba59ed249e55290d5c8_expire
[2011/12/21 23:22:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\80c56a238c33ccd81d90cbc7939c6c5e_expire
[2012/05/31 12:05:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\83ed2d62b3629381be4ff461166e8480_expire
[2012/04/04 22:12:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\845d35a3845a6b81af290ebab09006a3_expire
[2012/05/23 14:08:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\851bcd2d947640fb66c87aac19054c32_expire
[2013/05/18 22:12:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\867f10e9a70010ef71d15c41fd2874be_expire
[2012/07/11 22:55:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\87b21290866cab00a1fea6ecf40c1918_expire
[2012/12/17 19:30:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire
[2012/05/27 22:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a9418c23c13a5a04c34bec8df5352c8_expire
[2013/06/08 16:59:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8f43b50088266b9870b42ce6ef7ffbde_expire
[2012/11/27 23:06:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012/07/09 11:34:10 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9319bddf873cd62f8c0abd827cc10a6b_expire
[2013/01/19 19:13:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\955571742befe31f5193475438c5602f_expire
[2012/05/23 14:12:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\97fc67931046beb0231ce812417f164a_expire
[2012/05/31 12:05:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9dc8414e1b352cbe0663cc5f2b2490fb_expire
[2013/02/19 17:21:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9ef5e4c08312c8e6d81dfd42b7176e39_expire
[2013/04/21 22:50:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a2853631512ec717cfd936b9a1f41b5c_expire
[2012/08/02 13:56:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a35ec2adf572a908b47081c94acefc6d_expire
[2013/03/25 23:20:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2013/06/04 23:15:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4978ceb564459d3d64682b37d89bbe3_expire
[2013/04/29 19:55:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire
[2012/07/10 11:25:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\acf1266707f20bbb676d16ae40f3f12d_expire
[2013/03/09 22:57:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\addabc0e1349eebead03532357f33ad8_expire
[2013/01/16 23:45:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\adf275b6644b3fcac86a14ffe551dede_expire
[2013/06/05 21:21:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b1ee91b2ef2163f40d85f38713cdc027_expire
[2013/06/08 16:59:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b4e6d346c3e211a88a4175dba0d9e052_expire
[2012/08/12 19:57:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b590e59d04fbf1a2e539ed0365d8391a_expire
[2012/08/27 15:10:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db338_expire
[2012/09/05 17:48:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b98ec85a6f6b5dca57a81c971a2ec1f5_expire
[2012/07/02 22:25:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire
[2013/03/25 23:35:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012/07/24 17:45:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c1c44ca1d695da7ece0f59471a8950a1_expire
[2012/06/06 23:41:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c4a4e7d52f3f8044d9a639a16862ea54_expire
[2013/06/04 23:15:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c75261e846ce457d11060410767952c4_expire
[2012/10/28 13:06:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire
[2012/08/19 23:23:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2013/06/08 11:06:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cf28706faad49b5cccfc9e9e3ebbd818_expire
[2011/10/27 11:46:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cf87db3efc99e942bedf72cf557feabb_expire
[2012/05/20 22:50:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d61cdfce7e564c2af9695c5b4da97f80_expire
[2013/02/21 14:06:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d6407da917e78b4f045697ed666fbcb9_expire
[2013/01/13 23:08:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d6819d73321b1d4654cdce0c282871fd_expire
[2012/08/19 23:23:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d6867a63f98943c5d45ac3e1e96e45bb_expire
[2012/08/26 15:59:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire
[2012/12/19 21:39:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
[2012/08/15 19:48:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012/10/30 22:56:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012/09/05 17:48:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012/05/19 23:15:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e05508e03bf34762151d9d19fffe93df_expire
[2011/12/12 12:08:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e0f1337b66f08442c075a4178ef3b007_expire
[2012/09/05 17:18:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e2ba8bade2b6471a4e6a9db92b44f5b1_expire
[2013/06/08 16:59:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e440d29f88739418e905adc0a155a174_expire
[2012/08/25 21:49:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
[2013/04/07 23:08:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire
[2013/06/07 21:15:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012/05/27 22:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ea15f46b68de3232a26cfd2fe6a67eb7_expire
[2012/11/19 20:01:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012/10/21 21:59:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012/05/31 12:05:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ed0c923c82a39debf5c71d22f5ef3dc7_expire
[2013/06/05 21:21:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ee2135fec207a636822e2513020c079a_expire
[2011/11/09 13:34:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef28fe6e4f8adf440e17d86f964a51f0_expire
[2011/12/22 23:23:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef7b33f6a532640a1c82c7aefb7373f0_expire
[2013/04/07 13:46:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2013/04/07 20:15:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f1586b879e32b889596b836c8855994f_expire
[2012/05/27 22:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f7c63b13407f14f24c0e3a83e0b48e5c_expire
[2012/05/23 14:08:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f7d063f20a5874a655b5c650c8f266ec_expire
[2013/06/02 00:20:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012/09/02 15:16:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fb2a2d37c3a5abdb2d5c51d90fdaebc4_expire
[2013/04/07 20:15:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire
[2013/06/02 00:20:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2013/06/05 18:31:13 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-1.xml
[2010/10/21 14:08:37 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-10.xml
[2010/10/29 12:30:55 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-11.xml
[2010/12/12 13:15:21 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-12.xml
[2011/03/02 12:58:49 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-13.xml
[2011/03/05 11:53:00 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-14.xml
[2011/03/24 15:18:15 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-15.xml
[2011/04/25 15:20:45 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-16.xml
[2010/03/23 20:35:41 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-2.xml
[2010/04/02 15:52:27 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-3.xml
[2010/06/23 21:41:23 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-4.xml
[2010/06/28 15:58:27 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-5.xml
[2010/07/22 12:46:35 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-6.xml
[2010/07/25 12:24:44 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-7.xml
[2010/09/08 12:49:00 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-8.xml
[2010/09/18 10:19:52 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-9.xml
[2010/03/11 17:51:20 | 000,000,958 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin.xml
[2012/01/06 13:30:27 | 000,002,314 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\Messenger Plus Smartbar Search.xml
[2012/01/27 21:43:25 | 000,002,770 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\Plusnetwork.xml
[2013/05/17 13:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/05/17 13:02:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/30 17:11:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Messenger Plus Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.plusnetwork.com/?sp=hp/
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Windows\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - Startup: C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{686D1F74-0519-4F9A-A403-2FFF9464FAE8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3904ee46-1435-11e1-8ba7-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3904ee46-1435-11e1-8ba7-002326650d1f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3904ee74-1435-11e1-8ba7-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3904ee74-1435-11e1-8ba7-002326650d1f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3904ee75-1435-11e1-8ba7-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3904ee75-1435-11e1-8ba7-002326650d1f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d35514c-df2a-11de-8a0f-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{7d35514c-df2a-11de-8a0f-002326650d1f}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/08 17:01:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\FUJITSU\Desktop\OTL.exe
[2013/06/07 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\FUJITSU\AppData\Roaming\Malwarebytes
[2013/06/07 13:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/07 13:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/07 13:38:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/07 13:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/17 13:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/17 12:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/17 12:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/17 12:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/17 12:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[1 C:\Users\FUJITSU\AppData\Local\*.tmp files -> C:\Users\FUJITSU\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/08 17:03:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 17:03:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 17:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FUJITSU\Desktop\OTL.exe
[2013/06/08 16:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/08 15:25:30 | 000,632,380 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/08 15:25:30 | 000,119,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/08 15:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/08 15:03:26 | 3172,868,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/07 13:38:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/04 19:25:29 | 000,000,649 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2013/06/04 19:25:29 | 000,000,633 | ---- | M] () -- C:\Users\Public\Desktop\PPStream.lnk
[2013/06/04 19:25:29 | 000,000,633 | ---- | M] () -- C:\Users\FUJITSU\Application Data\Microsoft\Internet Explorer\Quick Launch\PPStream.lnk
[2013/05/29 16:29:13 | 000,016,896 | ---- | M] () -- C:\Users\FUJITSU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/25 13:29:04 | 000,028,045 | ---- | M] () -- C:\Users\FUJITSU\Documents\Essay Lung.odt
[2013/05/17 12:08:27 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/16 18:46:02 | 000,391,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\FUJITSU\AppData\Local\*.tmp files -> C:\Users\FUJITSU\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/07 13:38:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/19 17:51:31 | 000,028,045 | ---- | C] () -- C:\Users\FUJITSU\Documents\Essay Lung.odt
[2013/05/17 12:08:27 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/26 21:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/09/26 21:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/09/26 21:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/09/26 21:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/30 12:08:04 | 000,000,204 | ---- | C] () -- C:\ProgramData\a6a8008388080ff88b184073dfc9b946c0134559
[2010/01/14 17:17:46 | 000,000,863 | ---- | C] () -- C:\Users\FUJITSU\.recently-used.xbel
[2009/08/19 08:42:04 | 000,016,896 | ---- | C] () -- C:\Users\FUJITSU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 06:05:29 | 000,000,680 | ---- | C] () -- C:\Users\FUJITSU\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/04/17 15:14:26 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\Aegisub
[2013/01/19 22:58:49 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoft
[2012/10/09 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/08/16 13:44:19 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\FileZilla
[2010/06/06 15:55:11 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\FreeFLVConverter
[2010/06/06 16:25:22 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\GetRightToGo
[2010/01/14 17:17:46 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\gtk-2.0
[2010/12/19 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\ICQ
[2013/02/08 22:44:55 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\LeeGT-Games
[2009/12/02 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\LG Electronics
[2011/08/20 19:12:13 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\LolClient
[2013/04/28 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\MOVAVI
[2010/06/06 16:06:13 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\Moyea
[2010/09/13 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\NJStar
[2010/02/28 15:56:12 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\OpenOffice.org
[2013/06/08 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\PPStream
[2009/12/18 23:07:22 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\TeamViewer
[2013/02/11 00:46:08 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009/08/18 06:03:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/11/28 12:26:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2006/11/02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008/09/12 03:32:37 | 000,000,000 | ---D | M] -- C:\Drivers
[2008/09/12 04:39:58 | 000,000,000 | ---D | M] -- C:\Model
[2008/01/21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/06/07 13:38:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/06/07 13:38:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/12/02 20:02:44 | 000,000,000 | ---D | M] -- C:\Sounds
[2013/06/08 17:11:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/09/14 20:44:27 | 000,000,000 | ---D | M] -- C:\Temp
[2009/08/18 05:57:59 | 000,000,000 | R--D | M] -- C:\Users
[2013/06/08 12:13:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006/11/02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006/11/02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006/11/02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006/11/02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009/04/11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006/11/02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 14:58:10 | 000,032,570 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/03 11:49:54 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\SATA\IaStor.sys
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/01/21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010/01/14 17:17:46 | 000,000,863 | ---- | M] () -- C:\Users\FUJITSU\.recently-used.xbel
[2013/06/08 17:08:24 | 004,718,592 | -HS- | M] () -- C:\Users\FUJITSU\ntuser.dat
[2013/06/08 17:08:24 | 000,262,144 | -H-- | M] () -- C:\Users\FUJITSU\ntuser.dat.LOG1
[2009/08/18 05:57:59 | 000,000,000 | -H-- | M] () -- C:\Users\FUJITSU\ntuser.dat.LOG2
[2013/06/08 12:12:22 | 000,065,536 | -HS- | M] () -- C:\Users\FUJITSU\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2013/06/08 12:12:22 | 000,524,288 | -HS- | M] () -- C:\Users\FUJITSU\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2013/06/03 23:30:08 | 000,524,288 | -HS- | M] () -- C:\Users\FUJITSU\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2009/08/18 05:58:00 | 000,000,020 | -HS- | M] () -- C:\Users\FUJITSU\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2010/05/31 12:00:40 | 000,001,868 | ---- | M] ()(C:\Users\Public\Desktop\Acronis?True?Image 10.0.lnk) -- C:\Users\Public\Desktop\Acronis*True*Image 10.0.lnk
[2009/08/21 01:25:39 | 000,001,868 | ---- | C] ()(C:\Users\Public\Desktop\Acronis?True?Image 10.0.lnk) -- C:\Users\Public\Desktop\Acronis*True*Image 10.0.lnk

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 8/6/2013 17:08:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\FUJITSU\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy
 
2.95 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.97% Memory free
6.13 Gb Paging File | 4.98 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 62.37 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 144.61 Gb Total Space | 144.15 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-PC | User Name: FUJITSU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D97C5-20AB-4DED-97A8-3A56880F9BD1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1D0AE348-D159-4EB2-98F8-935F15894D98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{236C824B-4381-43FC-9ADE-EEB49D832E70}" = rport=137 | protocol=17 | dir=out | app=system | 
"{26701E76-834D-4644-8E3C-7403AF233AB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{34D40155-9151-4C00-9CD0-4A3FDFD65C1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4E2F6EB3-416B-43D8-BCF6-9B0D0CE277D2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54425BA3-7777-420B-9D0F-E1B744B06A67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6D5020C0-7E2C-4C77-A865-5B4670599F6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{81F65CEF-CC28-4705-AA6C-EA6A4298C364}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8CCB002F-909D-4CB3-B06B-8F7C005E8EBD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{92B44FC0-B1D2-4BA4-A620-3286AB7B35CC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{95B96235-2506-48D8-832C-21744D3147B3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B87604E6-11D8-4CE6-9871-C64BF3D00356}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CDA01FCA-F1E0-4EBC-A69F-CCA520DE3F00}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0218B80C-3C43-4E39-B557-C3D303CE7BE3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{06C4DC83-DF06-42B8-A03D-F8F31BAFAFF1}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{0B916ED9-F308-49E1-8ECD-48BE917F19CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0F3B2D11-AE45-4134-978C-9C9C1C547738}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{142A1289-2AB0-485F-B3FC-021B36EA1E5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D4B666B-87E5-41BE-8E43-061DC10EDFE9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2519B653-20D9-49E9-BE9E-5537403AA88B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{302B48CB-1567-45A0-91BF-57066380521E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{3B46DC47-9059-467C-B8F2-FAD6A20E023E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{448EBA91-AE52-4AB5-94C7-ACF93BCA7452}" = dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"{46C4D847-E5F4-42CA-BD23-3404C2863914}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{4E823FC3-AB44-471B-A582-3078C874ABCF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{540CD45C-94D4-4811-A79F-612E2A421C6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{58C00E80-5810-4F4C-AF94-665DF312B6E8}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{5D51562D-B313-4994-AE85-8E2A947731BC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7754A5F4-3522-4AF7-8305-813407EFB2EE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{86D9D94C-FA14-4205-83CF-832CFD215E4C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{87FCFE2D-5AB2-494F-9F80-11C43A0790E0}" = dir=in | app=c:\users\fujitsu\appdata\roaming\ppstream\ppsupdate.exe | 
"{923F94D4-6214-448F-B2EA-745BE83D1163}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1AE0129-3247-41EF-915F-7696009B4238}" = dir=in | app=c:\users\fujitsu\appdata\roaming\ppstream\ppsupdate.exe | 
"{A21C68E8-F3F0-4023-B1CF-779C4E872764}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A76213D1-585D-4C33-A709-80EBD50F8149}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{AF7727A1-8BC5-4497-B062-A0E08A20E514}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CBD41076-18A4-4B93-9C54-19253ECFAB83}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D7AD0269-E0A0-4992-9E38-CC2BEC5D71F6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D8A1E1E2-CD55-4BDC-A47F-EC832846B016}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{DD77B95E-8AD1-427D-8C0D-7A6ACB424CE4}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{E5CB18FC-0F9C-4CB3-A793-CC0651FBC78C}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{E6EEB1FC-BCFF-4524-AB7D-B50BF9E9C2CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{FC3321F7-CA1E-4BB8-82F6-FDF1A1482990}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{00CDC05F-7F9E-4CEC-B8A3-677139E6C634}D:\pps.tv\ppstream\ppstream.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"TCP Query User{09B83806-E60A-4153-B29D-B404DE8D78F8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{24F52197-EA18-4BB7-8AE7-6289C54F0141}C:\program files\njstar communicator\minismtp.exe" = protocol=6 | dir=in | app=c:\program files\njstar communicator\minismtp.exe | 
"TCP Query User{C9DC28F6-19EB-439A-BE60-6B70439FAE76}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CBE83BD6-18E9-46E8-9D93-B60975D2EA9A}D:\pps.tv\ppstream\ppskernel.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"TCP Query User{CF1E5B9B-B069-4A91-BDB7-6645E9F42273}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"TCP Query User{DA171835-00AB-4254-8F13-464ACDBA571B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{15BB43DD-6647-47F6-B98C-04DE00AC23E5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4322DEEA-C1DE-42DF-842B-E0C6E63DBE38}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"UDP Query User{6D446112-B1B2-4D7A-84B2-5F9594D68FC0}D:\pps.tv\ppstream\ppstream.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"UDP Query User{70B216F5-2BBE-43BB-811D-2B8F9EFA4BD6}D:\pps.tv\ppstream\ppskernel.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"UDP Query User{A8AB2B0B-EE9C-4DE2-862A-E19BEA6ADFE9}C:\program files\njstar communicator\minismtp.exe" = protocol=17 | dir=in | app=c:\program files\njstar communicator\minismtp.exe | 
"UDP Query User{E8626919-DE98-4BC2-9DDD-99A8218D85B5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{F7AACD66-0895-47A1-A483-D283A8C2CAB1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Update Navi
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis*True*Image
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple 應用程式支援
"{5D2C8A12-C5DD-4AE4-9EA7-DA2BE97CF97D}" = Fujitsu Display Manager
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFCE4BA-2F84-4ED4-8C7E-80B7DC868E81}" = ArcSoft WebCam Companion 2
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Creator LJ
"{A7FA30B4-5E93-4222-97B0-089C46C8D3FD}" = Power Saving Utility
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = USB2.0 Digital Camera
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{5D2C8A12-C5DD-4AE4-9EA7-DA2BE97CF97D}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{A7FA30B4-5E93-4222-97B0-089C46C8D3FD}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messenger Plus!" = Messenger Plus!
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NJStar Communicator" = NJStar Communicator
"NosTale(DE)_is1" = Nostale(DE)
"NosTale(UK)_is1" = Nostale(UK)
"PC-Doctor for Windows" = Fujitsu Hardware Diagnostics Tool
"PPSGame" = PPS蚔牁 V1.0.1.238
"PPStream" = PPStream V3.1.0.1044 Final
"RarZilla Free Unrar" = RarZilla Free Unrar
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/6/2013 8:55:33 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 7/6/2013 13:02:59 | Computer Name = FUJITSU-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/6/2013 17:52:31 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 7/6/2013 17:52:31 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 8/6/2013 5:01:14 | Computer Name = FUJITSU-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/6/2013 5:05:26 | Computer Name = FUJITSU-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 8/6/2013 6:12:18 | Computer Name = FUJITSU-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel
 0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789,  Prozess-ID 0x1614, Anwendungsstartzeit
 01ce64276066256a.
 
Error - 8/6/2013 6:13:30 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 8/6/2013 6:13:30 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 8/6/2013 9:05:12 | Computer Name = FUJITSU-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 7/6/2013 8:34:02 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:39:12 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:44:22 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:49:32 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:54:54 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/6/2013 13:02:59 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/6/2013 17:52:28 | Computer Name = FUJITSU-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 8/6/2013 5:01:15 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/6/2013 6:13:29 | Computer Name = FUJITSU-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 8/6/2013 9:05:12 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Nochmals Danke für die Antwort!

LG

Treengo

Alt 08.06.2013, 16:56   #5
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Ehycex] C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe (Sysinternals - www.sysinternals.com)
[2013.05.18 10:03:21 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Avygz
[2013.04.29 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Azgiqy
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.06.2013, 17:24   #6
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Danke für die Antwort

Hier ist der Inhalt der besagten Datei:

PC:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehycex deleted successfully.
C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe moved successfully.
C:\Users\Mui\AppData\Roaming\Avygz folder moved successfully.
C:\Users\Mui\AppData\Roaming\Azgiqy folder moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mui
->Temp folder emptied: 495838556 bytes
->Temporary Internet Files folder emptied: 5158558211 bytes
->Java cache emptied: 343546 bytes
->Google Chrome cache emptied: 284339185 bytes
->Flash cache emptied: 5 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312622125 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.962,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06082013_180552

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Laptop:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehycex not found.
File C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe not found.
Folder C:\Users\Mui\AppData\Roaming\Avygz\ not found.
Folder C:\Users\Mui\AppData\Roaming\Azgiqy\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: FUJITSU
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 5579081 bytes
->Java cache emptied: 19995565 bytes
->FireFox cache emptied: 387156658 bytes
->Flash cache emptied: 3215 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4600145 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 398.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06082013_180320

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Ich hoffe, ich habe es richtig gemacht. Die Dateien wurden erfolgreich hochgeladen.

Alt 08.06.2013, 17:27   #7
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



danke
nutzt ihr den PC fürs onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.06.2013, 17:31   #8
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



bitte

Also beim Laptop ist alles dabei, also von Ebay über Beruflichen Sachen bis hin zum Online-Banking. Bei dem PC beschränkt es sich auf Amazon.

LG

Alt 08.06.2013, 17:35   #9
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Hi,
du hast eine Malware, die sensible Daten stiehlt.

Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und der sicherste Weg, zumal du deinen PC
fürs einkaufen, verwendest
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.
wir könnten ihn also einmal neu machen, und dann vernünftig absichern,
Anleitungen kann ich dir geben, egal wofür du dich entscheidest
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.06.2013, 17:42   #10
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Also betrifft das jetzt beide Rechner oder nur den PC?

Ich wäre für das Formatieren, aber ich habe die CD, die mitgeliefert wird, nicht mehr. Geht das dann trotzdem noch ?
Beim Formatieren muss ich "nur" darauf achten, dass ich alle meine Daten sichere oder geht das auch nicht mehr, weil sie von der Malware befallen sind?

LG

Alt 08.06.2013, 17:43   #11
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



nur den PC.
daten sichern geht.
kannst du dir ne Vista cd (home) leihen?
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.06.2013, 17:57   #12
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Kann ich auch eine neuere Version von Windows installieren oder muss es Windows Vista(Home) sein?

Es ist ein Fertig PC.
Hersteller:Microstar
Typ:Intel Core 2 Squad CPU Q9300 2.50Ghz

So wie ich es richtig verstanden habe auf der Seite mit dem Neuaufsetzen ohne Windows CD...kann ich in meiner Situation nur Windows Vista installieren, weil ich nur die Windows Vista Lizenz habe?

Ich stehe ehrlich gesagt gerade etwas unter Druck, weil ich nicht rund um die Uhr die folgenden Anweisungen ausführen kann wegen der Arbeit. Dabei muss das ja so schnell wie möglich gemacht werden, sowohl das Bereinigen als auch das Neuaufsetzen oder?

LG

Alt 08.06.2013, 18:00   #13
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



na, wenn du nich grad von dem pc aus einkaufst, können wir das schon in Ruhe angehen.
Du kannst mit deiner Vista lizenz nur vista instalieren, win7 müsste aber gehen.
Windows*7 Upgrade Advisor - Download - Microsoft Windows
einfach mal dieses Tool laufen lassenb
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.06.2013, 18:04   #14
Treengo
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Das beruhigt mein ein wenig, aber ich habe noch einige Fragen. Ich hoffe es kommt nicht zu aufdringlich oder ähnliches.

1.Nur nochmal zur kompletten Sicherheit, den Laptop kann ich weiterhin nutzen ohne befürchten zu müssen, dass irgendeine Malware meine Daten stiehlt oder?
2.Da der PC jz infiziert ist, kann der Hacker auch auf die Daten auf dem Laptop zugreifen? Da der PC und der Laptop ja dieselbe Internetverbindung benutzen.

LG

Edit:
In meiner Aufregung habe ich vergessen mich für das Tool zu bedanken, Danke!

LG

Alt 08.06.2013, 18:19   #15
markusg
/// Malware-holic
 
Telekom Brief; Verdacht auf Trojaner - Standard

Telekom Brief; Verdacht auf Trojaner



Hi,
1. ja, wir können den Laptop ja noch weiter prüfen, aber lass uns erst mal mit dem PC weiter machen.
2. nein
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Telekom Brief; Verdacht auf Trojaner
administrator, anti-malware, autostart, computer, gelöscht, malwarebytes, problem, pup.blabbers, pup.fakeflash.domaiq, quarantäne, recycle.bin, service pack 2, speicher, telekom, trojan.spyeyes, trojaner, version, zugang




Ähnliche Themen: Telekom Brief; Verdacht auf Trojaner


  1. Win 7 - Verdacht auf Zeus / ZBot laut Telekom Abuse Team
    Log-Analyse und Auswertung - 17.05.2015 (31)
  2. Telekom Spam Mail (zip Datei) geöffnet - Verdacht auf Trojaner
    Log-Analyse und Auswertung - 26.01.2015 (21)
  3. Telekom-Trojaner
    Log-Analyse und Auswertung - 06.12.2014 (5)
  4. Anhang einer gefälschten Telekom-Email geöffnet. Verdacht auf Schadsoftware
    Log-Analyse und Auswertung - 01.12.2014 (7)
  5. Telekom-Browser für Telekom-Fans
    Nachrichten - 05.11.2014 (0)
  6. Telekom Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.07.2014 (13)
  7. Telekom Deutschland GmbH Spam: Ihre Telekom Mobilfunk RechnungOnline für Geschäftskunden
    Diskussionsforum - 17.01.2014 (15)
  8. Schreiben von Telekom, dass Port 25 wegen Verdacht auf SPAM Mails eingeschränkt wurde
    Log-Analyse und Auswertung - 13.01.2014 (9)
  9. Nach Telekom ABUSE Brief - PC mit DUAL OS unter Verdacht, Vista sehr auffällig nach genauerer Betrachtung
    Log-Analyse und Auswertung - 08.10.2013 (21)
  10. Verdacht auf Hacking laut Brief von der Telekom
    Log-Analyse und Auswertung - 06.09.2013 (11)
  11. "Abuse-Meldung" von Telekom erhalten - Verdacht auf Schadsoftware..
    Log-Analyse und Auswertung - 03.09.2013 (13)
  12. Spam Verdacht Telekom Abuse
    Log-Analyse und Auswertung - 25.06.2013 (6)
  13. Trojaner/ Telekom schreibt Brief mit verdacht auf Hacking
    Log-Analyse und Auswertung - 16.06.2013 (19)
  14. Verdacht auf ZeuS/ZBot aufgrund von Telekom-Mail
    Plagegeister aller Art und deren Bekämpfung - 24.05.2013 (14)
  15. Telekom Hacking Verdacht
    Log-Analyse und Auswertung - 10.03.2013 (11)
  16. (2x) Telekom PDF Trojaner
    Mülltonne - 30.05.2012 (1)
  17. Telekom Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.11.2004 (13)

Zum Thema Telekom Brief; Verdacht auf Trojaner - Hallo Trojaner-Board Gemeinde, ich habe vor einigen Tagen einen Brief von der Telekom erhalten, in der steht, dass mein Internetzugang benutzt wurde um fremde Computer zu hacken. Deswegen wollte ich - Telekom Brief; Verdacht auf Trojaner...
Archiv
Du betrachtest: Telekom Brief; Verdacht auf Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.