Trojaner-Board


Fabio-84 16.11.2011 09:28

TR/Kazy.44028.5 found by Avira ANTIVIR
 
Hi guys,

so Avira found the following trojan:
TR/Kazy.44028.5

I have combed through various forums and already run several tools. Unfortunately I could not find any Kazy.44028.5 in your forum, so I am opening a new thread:

The trojan appeared suddenly while I was visiting a site - I was searching for newsletter systems.. the trojan pretends my hard disk is defective - lots of "red" xxxx errors.. etc.. asks whether I want to scan.... well then.

What I have done:

Ran the Kaspersky Live CD
Downloaded and ran Trojan-Killer.net
Ran SUPERAntiSpyware
Ran MBAM
Ran CCleaner
Ran cleanup
Ran unhide.exe
Went through suspicious-looking entries with "autoruns" ..., and noticed that many files had already been removed by the cleanup runs,
e.g. in the Temp directories, in the scheduled tasks, etc..
I deleted the orphaned entries there manually..

Restart..
After the restart, continued cleaning up my autostart
Disabled a few unnecessary services..

Cleanup once more
CCleaner
ran everything..

nothing more was found, the PC feels clean

There is only one anomaly:
SKYPE was destroyed, the trojan deleted it.
I have now downloaded it again (MSI package) and installed it.
After logging in to Skype I got this message from MBAM:


Code:

07:59:45        f.scarvaglieri        MESSAGE        Protection started successfully
07:59:48        f.scarvaglieri        MESSAGE        IP Protection started successfully
08:09:11        f.scarvaglieri        MESSAGE        Protection started successfully
08:09:15        f.scarvaglieri        MESSAGE        IP Protection started successfully
08:46:10        f.scarvaglieri        MESSAGE        Protection started successfully
08:46:14        f.scarvaglieri        MESSAGE        IP Protection started successfully
08:53:02        f.scarvaglieri        IP-BLOCK        217.23.8.139 (Type: outgoing, Port: 1378, Process: skype.exe)

I will now work through your guide as well (unfortunately I only just discovered it) and post all the logs...
Starting with defogger now...

Fabio-84 16.11.2011 09:54

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:30 on 16/11/2011 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL Logfile:
Code:

OTL logfile created on: 16.11.2011 09:35:03 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 9,26 Gb Available Physical Memory | 77,24% Memory free
23,98 Gb Paging File | 20,98 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 55,90 Gb Free Space | 28,62% Space Free | Partition Type: NTFS
Drive D: | 366,21 Gb Total Space | 139,23 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive E: | 369,99 Gb Total Space | 82,33 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
Drive H: | 390,63 Gb Total Space | 240,96 Gb Free Space | 61,69% Space Free | Partition Type: NTFS
Drive I: | 368,70 Gb Total Space | 80,60 Gb Free Space | 21,86% Space Free | Partition Type: NTFS
Drive J: | 195,31 Gb Total Space | 114,60 Gb Free Space | 58,67% Space Free | Partition Type: NTFS
Drive L: | 366,21 Gb Total Space | 135,78 Gb Free Space | 37,08% Space Free | Partition Type: NTFS
Drive M: | 369,99 Gb Total Space | 82,33 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
Drive P: | 97,65 Gb Total Space | 0,68 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
Drive Q: | 74,52 Gb Total Space | 39,14 Gb Free Space | 52,52% Space Free | Partition Type: NTFS
 
Computer Name: I920 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.16 09:29:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.11.09 10:57:00 | 001,089,536 | ---- | M] (Ralf Steinruecken ITecSoft) -- C:\Program Files (x86)\PhoneSuite_CTI_Client\phonesuite.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 02:38:56 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.06.29 02:38:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.01 13:44:54 | 008,003,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.01 12:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.04.29 02:26:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.03 16:06:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.26 15:52:46 | 000,494,128 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010.05.10 12:54:38 | 001,725,440 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.18 12:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009.02.24 14:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.09 10:57:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\PhoneSuite_CTI_Client\ml_res.dll
MOD - [2011.11.09 10:57:00 | 000,094,208 | ---- | M] () -- c:\program files (x86)\phonesuite_cti_client\licence.dll
MOD - [2011.11.09 10:57:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\PhoneSuite_CTI_Client\tshk.dll
MOD - [2011.11.09 10:57:00 | 000,061,440 | ---- | M] () -- c:\program files (x86)\phonesuite_cti_client\itapi32.dll
MOD - [2010.06.03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.10 12:39:14 | 000,772,096 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2010.04.21 10:00:35 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2010.01.28 11:57:53 | 000,355,688 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll
MOD - [2009.08.19 12:20:37 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_02.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.10.26 14:44:00 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.08.26 15:56:12 | 001,118,768 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2010.08.26 15:52:46 | 000,494,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2010.05.05 03:15:10 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2009.03.05 22:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 02:38:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.01 12:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.04.29 02:26:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.12.10 16:40:48 | 000,771,992 | ---- | M] (Netviewer AG) [Disabled | Stopped] -- C:\Program Files (x86)\Netviewer\Admin\nvRemoteHost.exe -- (nvRemote_Service)
SRV - [2010.10.26 14:48:14 | 001,974,080 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.10.26 14:43:56 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.20 23:53:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.07.30 09:08:52 | 000,031,856 | ---- | M] (Arainia Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.06.10 18:15:44 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.11.12 04:43:16 | 000,894,544 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.15 01:06:02 | 000,188,416 | ---- | M] (Oliver Marr) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\DriveSitter\DSSrv.exe -- (DriveSitterService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.15 17:56:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\50594648.sys -- (50594648)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.29 02:38:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 02:38:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.01 12:09:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.25 22:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 22:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 22:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 22:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 19:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.03.25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.26 15:56:12 | 000,047,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2010.07.30 09:08:53 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2010.07.14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010.06.10 18:15:45 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.10 18:15:43 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.06.10 18:15:42 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.06.10 18:15:37 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.05.05 03:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.05 02:23:24 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.05 22:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009.03.04 17:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.02.18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2007.02.03 09:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 09:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2007.01.29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.08.19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2m@netviewero2m: C:\Program Files (x86)\Netviewer\Meet\Plugin\FF plugin\NVFFMeet [2011.01.26 12:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.06 07:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.06 07:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox60b5\components [2011.11.15 10:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox60b5\plugins [2011.10.06 07:51:33 | 000,000,000 | ---D | M]
 
[2011.01.05 21:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.05 21:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010.08.19 21:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.11.11 15:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions
[2011.10.20 17:22:56 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.10.06 06:43:06 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.06.13 20:56:44 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2011.11.11 15:30:02 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011.01.11 10:13:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.05.17 14:34:01 | 000,000,000 | ---D | M] ("oneview Tools") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
[2011.08.26 08:18:15 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\foxmarks@kei.com
[2011.10.28 12:43:15 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\keefox@chris.tomlinson
[2010.06.18 15:18:53 | 000,000,000 | ---D | M] (Open In RegEdit) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\openinregedit@firefox
[2010.10.21 08:50:20 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\toolbar@ask.com
[2010.12.09 15:16:12 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\VMwareVMRC@vmware.com
[2011.10.06 07:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p182zatd.ff60b5\extensions
[2011.06.13 11:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.07 14:54:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.06 16:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.10 12:55:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.13 11:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.05 09:22:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 09:22:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 09:22:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.05 09:22:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 09:22:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 09:22:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 09:22:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.08.08 11:58:21 | 000,003,312 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:        127.0.0.1      localhost

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Netviewer Meet) - {7F375858-2861-4FEC-88CF-FEE2D4E6D870} - C:\PROGRA~2\NETVIE~1\Meet\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (&Netviewer Meet) - {5D6FDD2C-2FED-43B9-8A9E-3F9FFA988E5D} - C:\PROGRA~2\NETVIE~1\Meet\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laufwerke.bat ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneSuite CTI Client.lnk = C:\Program Files (x86)\PhoneSuite_CTI_Client\phonesuite.exe (Ralf Steinruecken ITecSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll ()
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: yoda ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: rnv-online.de ([citrix] https in Vertrauenswürdige Sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B6FF15CD-5693-4744-A7BC-C19AE91746FE} https://owa.klinik-am-schloss.de/software/AVCT_KVM_VM.cab (Virtual Console)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.70.6 192.168.70.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mydomain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ADF5E86-1144-423E-BD93-5904445DE465}: DhcpNameServer = 192.168.70.6 192.168.70.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ADF5E86-1144-423E-BD93-5904445DE465}: Domain = ticeba.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D89A2250-08B0-4D72-A523-A24DDFF2537C}: DhcpNameServer = 192.168.100.53 192.168.100.254 192.168.100.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.23 10:18:52 | 000,000,000 | ---- | M] () - Q:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.16 09:29:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.16 09:05:24 | 000,589,394 | ---- | C] (ReadError                                                  ) -- C:\Users\***\Desktop\NetMeter_v114_beta.exe
[2011.11.16 08:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.16 08:38:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011.11.16 08:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011.11.16 08:37:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!
[2011.11.16 08:21:38 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\autoruns.exe
[2011.11.16 08:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.16 08:10:12 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\50594648.sys
[2011.11.16 07:59:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.11.16 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.16 07:59:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.16 07:50:41 | 001,098,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\procexp64.exe
[2011.11.16 07:50:16 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\procexp.exe
[2011.11.15 17:24:09 | 013,169,992 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\***\Desktop\SUPERAntiSpywarePro.exe
[2011.11.15 17:16:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.11.15 17:12:00 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.15 16:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.15 16:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.15 16:51:48 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup312.exe
[2011.11.15 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.15 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.15 16:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.15 16:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.15 16:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.11.15 16:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2011.11.15 15:43:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.10 12:06:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.10 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.10 10:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.09 11:57:49 | 000,293,888 | ---- | C] (Ralf Steinruecken ITecSoft) -- C:\Windows\SysNative\PhSuConn.tsp
[2011.11.09 11:57:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhoneSuite_CTI_Client
[2011.11.09 11:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhoneSuite_CTI_Client
[2011.11.09 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\workingDir
[2011.11.09 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\import
[2011.11.09 10:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhoneSuite_CTI_Client
[2011.10.31 09:29:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backup db
[2011.10.28 12:45:58 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2011.10.28 12:45:57 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2011.10.28 12:45:57 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2011.10.28 12:45:57 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2011.10.28 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.10.28 12:26:02 | 044,781,986 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\5890-INST-WIN7-A.EXE
[2011.10.28 12:25:40 | 011,441,642 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\CC3up_1.30.0020.EXE
[2011.10.24 12:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.24 12:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.10.21 19:32:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MindGems
[2011.10.21 19:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size
[2011.10.21 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folder Size
[2010.06.10 18:15:46 | 001,136,456 | ---- | C] (Netviewer AG) -- C:\Program Files\NV_Meet_Moderator_DE.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.16 09:30:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.11.16 09:29:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.16 09:29:11 | 000,000,112 | ---- | M] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2011.11.16 09:28:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.11.16 09:23:05 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 60e109ce-9f09-4515-99c9-3d4c5d7b84f1.job
[2011.11.16 09:07:58 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011.11.16 09:05:27 | 000,589,394 | ---- | M] (ReadError                                                  ) -- C:\Users\***\Desktop\NetMeter_v114_beta.exe
[2011.11.16 08:52:15 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.16 08:51:15 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 08:51:15 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 08:50:58 | 022,478,848 | ---- | M] () -- C:\Users\***\Desktop\SkypeSetup.msi
[2011.11.16 08:43:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 08:37:28 | 000,339,257 | ---- | M] () -- C:\Users\***\Desktop\CleanUp452.exe
[2011.11.16 08:13:59 | 001,098,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\procexp64.exe
[2011.11.16 07:59:11 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 07:43:49 | 000,684,297 | ---- | M] () -- C:\Users\***\Desktop\unhide.exe
[2011.11.15 21:12:41 | 000,002,168 | -H-- | M] () -- \\yoda\eigene_dateien\***\Default.rdp
[2011.11.15 21:12:40 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.11.15 21:12:40 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.11.15 17:56:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\50594648.sys
[2011.11.15 17:25:14 | 001,813,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 17:25:14 | 000,770,078 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 17:25:14 | 000,723,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 17:25:14 | 000,175,530 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 17:25:14 | 000,148,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 16:56:05 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.15 16:54:01 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup312.exe
[2011.11.15 16:45:12 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011.11.15 16:41:28 | 013,169,992 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\***\Desktop\SUPERAntiSpywarePro.exe
[2011.11.15 16:09:52 | 101,684,168 | ---- | M] () -- C:\Users\***\Desktop\setup_11.0.0.1245.x01_2011_11_15_17_56.exe
[2011.11.15 15:39:37 | 003,387,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.15 14:56:03 | 000,124,879 | ---- | M] () -- C:\Users\***\Desktop\Gutschrift Nr.20110102.pdf
[2011.11.15 14:55:42 | 000,142,090 | ---- | M] () -- C:\Users\***\Desktop\Gutschrift Nr.20112399.pdf
[2011.11.14 12:59:43 | 002,995,003 | ---- | M] () -- C:\Users\***\Desktop\pizzaboy-markierung.pdf
[2011.11.14 12:50:14 | 002,963,891 | ---- | M] () -- C:\Users\***\Desktop\pizzaboy-asaco-vertrtrag.pdf
[2011.11.09 15:21:19 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.11.09 14:24:59 | 000,000,054 | ---- | M] () -- C:\Users\***\Desktop\pizzaboy Pizzaservice Lieferservice online bestellen.URL
[2011.11.09 13:15:34 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\autoruns.exe
[2011.11.09 11:57:49 | 000,002,007 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneSuite CTI Client.lnk
[2011.11.09 11:57:49 | 000,001,937 | ---- | M] () -- C:\Users\***\Desktop\PhoneSuite CTI Client.lnk
[2011.11.08 10:08:10 | 000,396,069 | ---- | M] () -- C:\Users\***\Desktop\EDV-Pflege.pdf
[2011.11.08 10:07:30 | 000,146,389 | ---- | M] () -- C:\Users\***\Desktop\Angebot Nr.2011110702.pdf
[2011.11.07 14:02:55 | 000,123,608 | ---- | M] () -- C:\Users\***\Desktop\Rechnung Nr.20110099.pdf
[2011.11.02 08:51:35 | 000,113,469 | ---- | M] () -- C:\Users\***\Desktop\krug_Rechnung Nr.2011103002.pdf
[2011.11.02 08:20:28 | 000,049,867 | ---- | M] () -- C:\Users\***\Desktop\mozzarellasticks.jpg
[2011.11.01 12:00:05 | 044,781,986 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\5890-INST-WIN7-A.EXE
[2011.10.28 16:46:27 | 000,576,300 | ---- | M] () -- C:\Users\***\Desktop\scan2.pdf
[2011.10.28 16:39:49 | 000,717,025 | ---- | M] () -- C:\Users\***\Desktop\scan1.pdf
[2011.10.28 16:34:48 | 002,570,150 | ---- | M] () -- C:\Users\***\Desktop\manage.pdf
[2011.10.28 12:46:46 | 000,000,824 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.10.28 12:46:46 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011.10.28 12:46:15 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2011.10.28 12:46:15 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08a.dat
[2011.10.28 12:34:14 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.28 12:25:43 | 011,441,642 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\CC3up_1.30.0020.EXE
[2011.10.27 08:00:32 | 000,000,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laufwerke.bat
[2011.10.25 08:39:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.10.24 10:13:34 | 001,794,458 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.21 19:32:53 | 000,001,049 | ---- | M] () -- C:\Users\***\Desktop\Folder Size.lnk
[2011.10.20 11:00:00 | 000,293,888 | ---- | M] (Ralf Steinruecken ITecSoft) -- C:\Windows\SysNative\PhSuConn.tsp
[2011.10.19 15:00:40 | 000,001,602 | ---- | M] () -- C:\Users\***\Desktop\a.php
[2011.10.19 14:26:17 | 000,001,104 | ---- | M] () -- C:\Users\***\Desktop\index.php
[2011.10.19 14:06:58 | 000,125,911 | ---- | M] () -- C:\Users\***\Desktop\Rechnung Nr.20110055.pdf
 
========== Files Created - No Company Name ==========
 
[2011.11.16 09:30:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.11.16 09:29:11 | 000,000,112 | ---- | C] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2011.11.16 09:28:46 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.11.16 09:05:45 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011.11.16 08:52:15 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.16 08:50:50 | 022,478,848 | ---- | C] () -- C:\Users\***\Desktop\SkypeSetup.msi
[2011.11.16 08:37:26 | 000,339,257 | ---- | C] () -- C:\Users\***\Desktop\CleanUp452.exe
[2011.11.16 07:59:11 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 07:43:46 | 000,684,297 | ---- | C] () -- C:\Users\***\Desktop\unhide.exe
[2011.11.15 21:12:41 | 000,002,168 | -H-- | C] () -- \\yoda\eigene_dateien\***\Default.rdp
[2011.11.15 17:24:08 | 101,684,168 | ---- | C] () -- C:\Users\***\Desktop\setup_11.0.0.1245.x01_2011_11_15_17_56.exe
[2011.11.15 17:23:17 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 60e109ce-9f09-4515-99c9-3d4c5d7b84f1.job
[2011.11.15 16:56:05 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.15 16:45:12 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011.11.15 14:55:59 | 000,124,879 | ---- | C] () -- C:\Users\***\Desktop\Gutschrift Nr.20110102.pdf
[2011.11.15 14:55:38 | 000,142,090 | ---- | C] () -- C:\Users\***\Desktop\Gutschrift Nr.20112399.pdf
[2011.11.14 12:59:39 | 002,995,003 | ---- | C] () -- C:\Users\***\Desktop\pizzaboy-markierung.pdf
[2011.11.14 12:50:10 | 002,963,891 | ---- | C] () -- C:\Users\***\Desktop\pizzaboy-asaco-vertrtrag.pdf
[2011.11.09 14:24:59 | 000,000,054 | ---- | C] () -- C:\Users\***\Desktop\pizzaboy Pizzaservice Lieferservice online bestellen.URL
[2011.11.09 11:57:49 | 000,002,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneSuite CTI Client.lnk
[2011.11.09 11:57:49 | 000,001,937 | ---- | C] () -- C:\Users\***\Desktop\PhoneSuite CTI Client.lnk
[2011.11.07 16:54:49 | 000,146,389 | ---- | C] () -- C:\Users\***\Desktop\Angebot Nr.2011110702.pdf
[2011.11.07 16:41:33 | 000,396,069 | ---- | C] () -- C:\Users\***\Desktop\EDV-Pflege.pdf
[2011.11.07 14:02:52 | 000,123,608 | ---- | C] () -- C:\Users\***\Desktop\Rechnung Nr.20110099.pdf
[2011.11.02 08:51:33 | 000,113,469 | ---- | C] () -- C:\Users\***\Desktop\krug_Rechnung Nr.2011103002.pdf
[2011.11.02 08:20:26 | 000,049,867 | ---- | C] () -- C:\Users\***\Desktop\mozzarellasticks.jpg
[2011.10.28 16:46:26 | 000,576,300 | ---- | C] () -- C:\Users\***\Desktop\scan2.pdf
[2011.10.28 16:39:48 | 000,717,025 | ---- | C] () -- C:\Users\***\Desktop\scan1.pdf
[2011.10.28 16:34:45 | 002,570,150 | ---- | C] () -- C:\Users\***\Desktop\manage.pdf
[2011.10.28 12:46:02 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.10.28 12:46:02 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.10.25 08:39:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.10.21 19:32:53 | 000,001,049 | ---- | C] () -- C:\Users\***\Desktop\Folder Size.lnk
[2011.10.19 15:02:54 | 000,001,602 | ---- | C] () -- C:\Users\***\Desktop\a.php
[2011.10.19 14:10:30 | 000,001,104 | ---- | C] () -- C:\Users\***\Desktop\index.php
[2011.10.19 14:06:55 | 000,125,911 | ---- | C] () -- C:\Users\***\Desktop\Rechnung Nr.20110055.pdf
[2010.12.08 15:41:27 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010.12.08 15:40:37 | 000,000,080 | ---- | C] () -- C:\Windows\Brownie.ini
[2010.11.12 09:57:08 | 000,360,448 | ---- | C] () -- C:\Program Files (x86)\PizzaFriendDB.sdf
[2010.09.26 18:35:48 | 000,004,096 | ---- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.08.03 18:04:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.06.27 17:18:28 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2010.06.20 11:34:59 | 001,794,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.19 13:45:36 | 000,000,121 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010.06.19 12:37:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.13 12:14:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.11 10:54:24 | 000,000,824 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.06.11 10:54:24 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.06.11 10:53:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.06.11 10:53:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.06.11 10:53:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.06.10 19:12:15 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.06.10 18:54:26 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2010.06.10 18:53:43 | 000,005,308 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.10 15:58:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010.06.10 15:58:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.06.10 15:58:11 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.04.28 22:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
 
========== LOP Check ==========
 
[2011.03.14 20:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2010.08.13 22:47:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\adma
[2010.12.22 18:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2010.06.21 09:20:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2010.08.03 18:04:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.11.22 08:52:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CounterPath Corporation
[2011.02.28 14:27:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2011.11.15 08:28:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.08.04 00:59:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.11.11 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.07.30 12:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.05.29 21:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gizmo
[2010.07.05 10:11:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.08.16 09:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2011.07.03 09:40:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2011.11.16 09:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.10.21 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin
[2010.06.12 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.09.13 08:12:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2010.06.05 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.06.10 16:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.06.10 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.26 13:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.07.19 12:01:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Password Solutions
[2010.06.05 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.06.20 11:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhonerLite
[2011.06.19 15:01:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2011.04.25 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2011.06.20 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2011.03.14 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SQLyog
[2010.06.02 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2011.11.11 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.08.19 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.06.13 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2010.11.14 16:04:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.09.16 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2009.07.14 06:08:49 | 000,032,382 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.16 09:23:05 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60e109ce-9f09-4515-99c9-3d4c5d7b84f1.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Fabio-84 16.11.2011 11:00

http://www.trojaner-board.de/attachm...1&d=1321437520

Here is the logs.zip

cosinus 16.11.2011 13:23

Quote:

So Avira found the following Trojan:
TR/Kazy.44028.5
Such information is not enough; please post the complete details/logs of the virus scanners.
And also post the logs of all the other scanners you have already used!

